#### THREAT LEVEL: Red.
For a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/08/TA202129.pdf>)
Multiple vulnerabilities have been patched by Microsoft in August 2021 Patch Tuesday. Three of them have been labeled as zero-day vulnerabilities (CVE-2021-36936, CVE-2021-36942, and CVE-2021-36948). One of them (CVE-2021-36948) has already been exploited in the wild. The attacker is yet to be identified. Microsoft has classified six vulnerabilities as critical, and patches for all of them are now available.
#### Vulnerability Details
 
#### Patch Links
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34530>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34534>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>
#### References
<https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/>
{"avleonov": [{"lastseen": "2021-11-26T18:43:30", "description": "Hello everyone! Yet another news episode.\n\n## Microsoft's August Patch Tuesday\n\nLet's start with Microsoft's August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no plans to release a patch because PetitPotam was a "classic NTLM Relay Attack". But the patch was actually released as part of August Patch Tuesday.\n\nA [quote from Rapid7](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>): _"Tracked as CVE-2021-36942, the August 2021 Patch Tuesday security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through the LSARPC interface"_. \n\nThere are no formal signs that this vulnerability is critical other than comments from the vendors. My Vulristics tool has flagged this "Windows LSA Spoofing" as a Medium level Vulnerability. But this fix seems to be the most important thing in this Patch Tuesday. So install this patch first.\n\nSpeaking of other vulnerabilities. There was nothing critical. No vulnerabilities with public exploits. Only one vulnerability that has been exploited in the wild, CVE-2021-36948 \u2013 Windows Update Medic Service Elevation of Privilege. But this is EoP and there are no public exploits yet, so I think you can patch it as planned without hurry.\n\nSeveral potentially dangerous RCEs:\n\n * Windows Print Spooler (CVE-2021-36936, CVE-2021-36947). They look similar to PrintNightmare, but there are no details yet.\n * Windows TCP/IP (CVE-2021-26424) and Remote Desktop Client (CVE-2021-34535). Such vulnerabilities rarely get public exploits.\n * NFS ONCRPC XDR Driver (CVE-2021-26432). Nothing is clear at all.\n\nIn general, it looks like a ptetty calm Patch Tuesday. If you're interested, a link to the Vulristics report: In general, it looks like a ptetty calm Patch Tuesday. If you're interested, a link to the Vulristics report: [ms_patch_tuesday_august2021](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2021_report_avleonov_comments.html>)\n\n## Phishers started using reCAPTCHA\n\nFunny news that I really liked. [Phishers started using reCAPTCHA](<https://threatpost.com/cyberattackers-captchas-phishing-malware/168684/>) to bypass the automatic detection of phishing sites. The script only sees the safe page with a CAPTCHA and can't solve it. But a real person just solves it without thinking, because people used to seeing and solving such CAPTCHAs, and see the complete phishing site. It's very simple and ingenious! \n\n## Scan one IP and go to the prison\n\nAnd the last will be [a local news from Russia](<https://www.rbc.ru/technology_and_media/17/08/2021/611a95059a7947e9bf954a8f>). But the case is interesting. One guy worked in the tech support of some internet provider. And he decided to scan the network of this provider, detect misconfigured routers of the clients and inform them about the found vulnerabilities. His boss knew about it. Unfortunatelly, these clients included some government scientific research-to-production facility with a mail server available on the scanned IP. This facility is a \u201ccritical infrastructure\u201d object and the actions of a support technician are classified as an attack on critical infrastructure. He can spend up to 7 years in prison. Why he personally and not his employer? That guy worked remotelly from home and scanned from his personal IP address.\n\nA pretty crazy story, but it shows the cirumstances of "penetration testing" or "bughunting" without getting all necessery formal permissions. It also shows how, in theory, a person could be easily framed as an attacker if that person's personal device is compromised. Also, I don't think port scanning or banner grabbing is actually an attack, IMHO this is normal network activity. And I don't think that checking the default passwords is always an attack, but it is a topic for discussion. In fact it doesn't matter what I or we think, it's only law enforcement practice that matters, and that practice can be pretty harsh. So keep that in mind and don't scan the unknown hosts that don't belong to you unless you want sudden problems.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-19T21:38:46", "type": "avleonov", "title": "Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-19T21:38:46", "id": "AVLEONOV:3530747E605445686B7211B2B0853579", "href": "https://avleonov.com/2021/08/20/security-news-microsoft-patch-tuesday-august-2021-phishers-started-using-recaptcha-scan-1-ip-and-go-to-jail/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T13:56:46", "description": "Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I'm using my [Vulristics](<https://github.com/leonov-av/vulristics>) project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch Tuesday, April 12th. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239089>\n\nI have set direct links in comments_links.txt for Qualys, ZDI and Kaspersky blog posts.\n \n \n $ cat comments_links.txt\n Qualys|May 2022 Patch Tuesday: Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/05/10/may-2022-patch-tuesday\n ZDI|THE MAY 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review\n Kaspersky|Actively exploited vulnerability in Windows|https://www.kaspersky.com/blog/windows-actively-exploited-vulnerability-cve-2022-26925/44305/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"May\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: May\n MS PT Date: 2022-05-10\n MS PT CVEs found: 73\n Ext MS PT Date from: 2022-04-13\n Ext MS PT Date to: 2022-05-09\n Ext MS PT CVEs found: 38\n ALL MS PT CVEs: 111\n ...\n\nLet's see the report.\n\n * All vulnerabilities: 110\n * Urgent: 0\n * Critical: 1\n * High: 27\n * Medium: 69\n * Low: 13\n\nThe most dangerous and the only critical vulnerability of this month was actually presented between Patch Tuesdays. **Memory Corruption** in Microsoft Edge/Chromium ([CVE-2022-1364](<https://vulners.com/cve/CVE-2022-1364>)). Exploitation in the wild for this vulnerability was mentioned on [AttackerKB](<https://attackerkb.com/topics/2g85mcptOV/cve-2022-1364>) website and it is also in CISA Known Exploited Vulnerabilities Catalog. "Google is aware that an exploit for this vulnerability exists in the wild". This is a first example of the [new Vulristics functionality](<https://avleonov.com/2022/05/23/vulristics-may-2022-update-cvss-redefinitions-and-bulk-adding-microsoft-products-from-ms-cve-data/>). The CVSS Base Score for this vulnerability was added from a third party site, WhiteSource, because it was not available on NVD.\n\nThe most dangerous and most hyped vulnerability among those that were presented directly on Patch Tuesday day is **Spoofing** in Windows Local Security Authority (LSA) ([CVE-2022-26925](<https://vulners.com/cve/CVE-2022-26925>)). The vulnerability can affect all Windows operating systems from Windows 7 (Windows Server 2008 for server systems) and later. It received a CVSSv3 score of 8.1. However, when chained with a new technology LAN manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8. According to the advisory from Microsoft, it has been exploited in the wild as a zero-day. An unauthenticated attacker could force domain controllers to authenticate to an attacker-controller server using NTLM. Raphael John, who has been credited by Microsoft for reporting this vulnerability revealed on Twitter that the vulnerability is actually the bug known as [PetitPotam (CVE-2021-36942)](<https://avleonov.com/2021/08/02/last-weeks-security-news-serious-sam-in-metasploit-petitpotam-zimbra-hijack-joint-advisory-top30-cves/>) from August 2021. "[The story behind CVE-2022-26925](<https://twitter.com/raphajohnsec/status/1524402300625858562>) is no advanced reverse engineering, but a lucky accident. During my pentests in January and March, I saw that PetitPotam worked against the [domain controllers]". It looks like Microsoft failed to properly fix the PetitPotam vulnerability.\n\nThere were 10 **Remote Code Execution** in Windows LDAP this month. But VM vendors specify [CVE-2022-22012](<https://vulners.com/cve/CVE-2022-22012>) and [CVE-2022-29130](<https://vulners.com/cve/CVE-2022-29130>), because of the biggest CVSS Base Scores, 9.8. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker\u2019s code running in the context of the SYSTEM account. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.\n\n**Remote Code Execution** in Windows Network File System ([CVE-2022-26937](<https://vulners.com/cve/CVE-2022-26937>)). This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). NFS version 4.1 is not impacted by this vulnerability and Microsoft provides the recommended workaround of disabling NFS versions 2 and 3 for those users who are not able to immediately apply the patch. Exploitability Assessment: Exploitation More Likely.\n\n**Remote Code Execution** in Windows Remote Desktop Client ([CVE-2022-22017](<https://vulners.com/cve/CVE-2022-22017>)). An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim\u2019s system in the context of the targeted user. Exploitability Assessment: Exploitation More Likely.\n\n**Elevation of Privilege** in Windows Print Spooler ([CVE-2022-29104](<https://vulners.com/cve/CVE-2022-29104>), [CVE-2022-29132](<https://vulners.com/cve/CVE-2022-29132>)). These are just the latest in a long line of EoP vulnerabilities Microsoft has addressed in Print Spooler over the last year, several of which have been exploited in attacks.\n\nAn interesting situation has developed around **Elevation of Privilege** in Kerberos ([CVE-2022-26931](<https://vulners.com/cve/CVE-2022-26931>)) and **Elevation of Privilege** in Active Directory ([CVE-2022-26923](<https://vulners.com/cve/CVE-2022-26923>)). Patches for these vulnerabilities caused [service authentication problems](<https://www.bleepingcomputer.com/news/microsoft/microsoft-may-windows-updates-cause-ad-authentication-failures/>) when deployed on Windows Server domain controllers. But within a week the problem was resolved. Microsoft released workaround and additional [updates for domain controllers](<https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services>).\n\nAll vulnerabilities in this episode do not have a public exploit, but there are some that have a mark about "Proof-of-Concept Exploit" in the Microsoft CVSS Temporal Score. Therefore, it is more likely that exploits for them will appear soon.\n\n * **Spoofing** - Microsoft Edge ([CVE-2022-29147](<https://vulners.com/cve/CVE-2022-29147>))\n * **Denial of Service** - Windows Hyper-V ([CVE-2022-22713](<https://vulners.com/cve/CVE-2022-22713>))\n * **Information Disclosure** - Windows Clustered Shared Volume ([CVE-2022-29123](<https://vulners.com/cve/CVE-2022-29123>))\n\nThe full report is available here: [ms_patch_tuesday_may2022_report](<http://avleonov.com/vulristics_reports/ms_patch_tuesday_may2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T21:21:57", "type": "avleonov", "title": "Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-1364", "CVE-2022-22012", "CVE-2022-22017", "CVE-2022-22713", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26931", "CVE-2022-26937", "CVE-2022-29104", "CVE-2022-29123", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29147"], "modified": "2022-05-26T21:21:57", "id": "AVLEONOV:8FE7F4C2B563A2A88EB2DA8822A13824", "href": "https://avleonov.com/2022/05/27/microsoft-patch-tuesday-may-2022-edge-rce-petitpotam-lsa-spoofing-bad-patches/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-08-11T19:56:07", "description": "Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that\u2019s listed as a zero-day that has been exploited in the wild.\n\nOf note, there are 17 elevation-of-privilege (EoP) vulnerabilities, 13 remote code-execution (RCE) issues, eight information-disclosure flaws and two denial-of-service (DoS) bugs.\n\nThe update also includes patches for three more Print Spooler bugs, familiar from the PrintNightmare saga.\n\n[](<https://threatpost.com/infosec-insider-subscription-page/>)\n\n\u201cFortunately, it was a lighter month than usual,\u201d said Eric Feldman, senior product marketing manager at Automox, in a [Patch Tuesday analysis](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>) from the vendor. \u201cThis represents a 56 percent reduction in overall vulnerabilities from July, and 33 percent fewer vulnerabilities on average for each month so far this year. We have also seen a similar reduction in critical vulnerabilities this month, with 30 percent less compared to the monthly average.\u201d\n\n## **Windows Critical Security Vulnerabilities**\n\nThe seven critical bugs [addressed in August](<https://msrc.microsoft.com/update-guide/>) are as follows:\n\n * CVE-2021-26424 \u2013 Windows TCP/IP RCE Vulnerability\n * CVE-2021-26432 \u2013 Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability\n * CVE-2021-34480 \u2013 Scripting Engine Memory Corruption Vulnerability\n * CVE-2021-34530 \u2013 Windows Graphics Component RCE Vulnerability\n * CVE-2021-34534 \u2013 Windows MSHTML Platform RCE Vulnerability\n * CVE-2021-34535 \u2013 Remote Desktop Client RCE Vulnerability\n * CVE-2021-36936 \u2013 Windows Print Spooler RCE Vulnerability\n\nThe bug tracked as **CVE-2021-26424** exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\n\u201cDespite its CVSS rating of 9.9, this may prove to be a trivial bug, but it\u2019s still fascinating,\u201d said Dustin Childs of Trend Micro\u2019s Zero Day Initiative (ZDI) in his [Tuesday analysis](<https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review>). \u201cAn attacker on a guest Hyper-V OS could execute code on the host Hyper-V server by sending a specially crafted IPv6 ping. This keeps it out of the wormable category. Still, a successful attack would allow the guest OS to completely take over the Hyper-V host. While not wormable, it\u2019s still cool to see new bugs in new scenarios being found in protocols that have been around for years.\u201d\n\nThe next bug, **CVE-2021-26432** in Windows Services, is more likely to be exploited given its low complexity status, according to Microsoft\u2019s advisory; it doesn\u2019t require privileges or user interaction to exploit, but Microsoft offered no further details.\n\n\u201cThis may fall into the \u2018wormable\u2019 category, at least between servers with NFS installed, especially since the open network computing remote procedure call (ONCRPC) consists of an External Data Representation (XDR) runtime built on the Winsock Kernel (WSK) interface,\u201d Childs said. \u201cThat certainly sounds like elevated code on a listening network service. Don\u2019t ignore this patch.\u201d\n\nAleks Haugom, product marketing manager at Automox, added, \u201cExploitation results in total loss of confidentiality across all devices managed by the same security authority. Furthermore, attackers can utilize it for denial-of-service attacks or to maliciously modify files. So far, no further details have been divulged by Microsoft or the security researcher (Liubenjin from Codesafe Team of Legendsec at Qi\u2019anxin Group) that discovered this vulnerability. Given the broad potential impact, its label \u2018Exploitation More Likely\u2019 and apparent secrecy, patching should be completed ASAP.\u201d\n\nMeanwhile, the memory-corruption bug (**CVE-2021-34480**) arises from how the scripting engine handles objects in memory, and it also allows RCE. Using a web-based attack or a malicious file, such as a malicious landing page or phishing email, attackers can use this vulnerability to take control of an affected system, install programs, view or change data, or create new user accounts with full user rights.\n\n\u201cCVE-2021-34480 should also be a priority,\u201d Kevin Breen, director of cyber-threat research at Immersive Labs, told Threatpost. \u201cIt is a low score in terms of CVSS, coming in at 6.8, but has been marked by Microsoft as \u2018Exploitation More Likely\u2019 because it is the type of attack commonly used to increase the success rate of spear phishing attacks to gain network access. Simple, but effective.\u201d\n\nThe Windows Graphic Component bug (**CVE-2021-34530**) allows attackers to remotely execute malicious code in the context of the current user, according to Microsoft \u2013 if they can social-engineer a target into opening a specially crafted file.\n\nAnother bug exists in the Windows MSHTML platform, also known as Trident (**CVE-2021-34534**). Trident is the rendering engine (mshtml.dll) used by Internet Explorer. The bug affects many Windows 10 versions (1607, 1809,1909, 2004, 20H2, 21H1) as well as Windows Server 2016 and 2019.\n\nBut while it potentially affects a large number of users, exploitation is not trivial.\n\n\u201cTo exploit, a threat actor would need to pull off a highly complex attack with user interaction \u2013 still entirely possible with the sophisticated attackers of today,\u201d said Peter Pflaster, technical product marketing manager at Automox.\n\nThe bug tracked as **CVE-2021-34535** impacts the Microsoft Remote Desktop Client, Microsoft\u2019s nearly ubiquitous utility for connecting to remote PCs.\n\n\u201cWith today\u2019s highly dispersed workforce, CVE-2021-34535, an RCE vulnerability in Remote Desktop Clients, should be a priority patch,\u201d said Breen. \u201cAttackers increasingly use RDP access as the tip of the spear to gain network access, often combining it with privilege escalation to move laterally. These can be powerful as, depending on the method, it may allow the attacker to authenticate in the network in the same way a user would, making detection difficult.\u201d\n\nIt\u2019s not as dangerous of a bug [as BlueKeep,](<https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/>) according to Childs, which also affected RDP.\n\n\u201cBefore you start having flashbacks to BlueKeep, this bug affects the RDP client and not the RDP server,\u201d he said. \u201cHowever, the CVSS 9.9 bug is nothing to ignore. An attacker can take over a system if they can convince an affected RDP client to connect to an RDP server they control. On Hyper-V servers, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer. This is the more likely scenario and the reason you should test and deploy this patch quickly.\u201d\n\n## **Windows Print Spooler Bugs \u2013 Again**\n\nThe final critical bug is **CVE-2021-36936**, a Windows Print Spooler RCE bug that\u2019s listed as publicly known.\n\nPrint Spooler made headlines last month, when Microsoft patched what it thought was a minor elevation-of-privilege vulnerability in the service (CVE-2021-1675). But the listing was updated later in the week, after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE \u2013 [requiring a new patch](<https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/>).\n\nIt also disclosed a second bug, similar to PrintNightmare (CVE-2021-34527); and a third, [an EoP issue](<https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/>) ([CVE-2021-34481](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>)).\n\n\u201cAnother month, another remote code-execution bug in the Print Spooler,\u201d said ZDI\u2019s Childs. \u201cThis bug is listed as publicly known, but it\u2019s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own. There are quite a few print-spooler bugs to keep track of. Either way, attackers can use this to execute code on affected systems. Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this critical-rated bug.\u201d\n\nThe critical vulnerability is just one of three Print Spooler issues in the August Patch Tuesday release.\n\n\u201cThe specter of the PrintNightmare continues to haunt this patch Tuesday with three more print spooler vulnerabilities, CVE-2021-36947, CVE-2021-36936 and CVE-2021-34481,\u201d said Breen. \u201cAll three are listed as RCE over the network, requiring a low level of access, similar to PrintNightmare. Microsoft has marked these as \u2018Exploitation More Likely\u2019 which, if the previous speed of POC code being published is anything to go by, is certainly true.\u201d\n\n## **RCE Zero-Day in Windows Update Medic Service **\n\nThe actively exploited bug is tracked as **CVE-2021-36948** and is rated as important; it could pave the way for RCE via the Windows Update Medic Service in Windows 10 and Server 2019 and newer operating systems.\n\n\u201cUpdate Medic is a new service that allows users to repair Windows Update components from a damaged state such that the device can continue to receive updates,\u201d Automox\u2019 Jay Goodman explained. \u201cThe exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversary\u2019s toolbox.\u201d\n\nImmersive\u2019s Breen added, \u201cCVE-2021-36948 is a privilege-escalation vulnerability \u2013 the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts. In the case of ransomware attacks, they have also been used to ensure maximum damage.\u201d\n\nThough the bug is being reported as being exploited in the wild by Microsoft, activity appears to remain limited or targeted: \u201cWe have seen no evidence of it at Kenna Security at this time,\u201d Jerry Gamblin, director of security research at Kenna Security (now part of Cisco) told Threatpost.\n\n## **Publicly Known Windows LSA Spoofing Bug**\n\nThe second publicly known bug (after the Print Spooler issue covered earlier) is tracked as **CVE-2021-36942**, and it\u2019s an important-rated Windows LSA (Local Security Authority) spoofing vulnerability.\n\n\u201cIt fixes a flaw that could be used to steal NTLM hashes from a domain controller or other vulnerable host,\u201d Immersive\u2019s Breen said. \u201cThese types of attacks are well known for lateral movement and privilege escalation, as has been demonstrated recently by a [new exploit called PetitPotam](<https://threatpost.com/microsoft-petitpotam-poc/168163/>). It is a post-intrusion exploit \u2013 further down the attack chain \u2013 but still a useful tool for attackers.\u201d\n\nChilds offered a bit of context around the bug.\n\n\u201cMicrosoft released this patch to further protect against NTLM relay attacks by issuing this update to block the LSARPC interface,\u201d he said. \u201cThis will impact some systems, notably Windows Server 2008 SP2, that use the EFS API OpenEncryptedFileRawA function. You should apply this to your Domain Controllers first and follow the additional guidance in [ADV210003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>) and [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>). This has been an ongoing issue since 2009, and, likely, this isn\u2019t the last we\u2019ll hear of this persistent issue.\u201d\n\nMicrosoft\u2019s next Patch Tuesday will fall on September 14.\n\nWorried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T21:17:58", "type": "threatpost", "title": "Actively Exploited Windows Zero-Day Gets a Patch", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-10T21:17:58", "id": "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "href": "https://threatpost.com/exploited-windows-zero-day-patch/168539/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-11T11:15:19", "description": "Microsoft has revealed 73 new patches for [May\u2019s monthly update of security fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>), including a patch for one flaw\u2013a zero-day Windows LSA Spoofing Vulnerability rated as \u201cimportant\u201d\u2014that is currently being exploited with man-in-the-middle attacks.\n\nThe software giant\u2019s monthly update of patches that comes out every second Tuesday of the month\u2013known as Patch Tuesday\u2014also included fixes for seven \u201ccritical\u201d flaws, 65 others rated as \u201cimportant,\u201d and one rated as \u201clow.\u201d\n\n\u201cAlthough this isn\u2019t a large number, this month makes up for it in severity and infrastructure headaches,\u201d observed Chris Hass, director of security at security firm [Automox](<https://www.automox.com/>)_, _in an email to Threatpost. \u201cThe big news is the critical vulnerabilities that need to be highlighted for immediate action.\u201d\n\nOf the seven critical flaws, five allow for remote code execution (RCE) and two give attackers elevation of privilege (EoP). The remainder of the flaws also include a high percentage of RCE and EoP bugs, with the former accounting for 32.9 percent of the flaws patched this month, while the latter accounted for 28.8 percent of fixes, according to [a blog post](<https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925>) by researchers at Tenable.\n\nThe Windows LSA Spoofing Vulnerability, tracked as [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925>), in and of itself was not rated as critical. However, when chained with a new technology LAN manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8, noted Allan Liska, a senior security architect at Recorded Future, in an e-mail to Threatpost.\n\nMoreover, the flaw\u2014which allows an unauthenticated attacker to coerce domain controllers to authenticate to an attacker-controller server using NTLM\u2013is being exploited in the wild as a zero-day, he said. This makes it a priority to patch, Liska added, echoing guidance from Microsoft.\n\n## **Critical Infrastructure Vulnerabilities **\n\nOf the other critical RCE flaws patched by Microsoft, four are worth noting because of their presence in infrastructure that\u2019s fairly ubiquitous in many enterprise and/or cloud environments.\n\nOne is tracked as [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>) and is found in Insight Software\u2019s Magnitude Simba Amazon Redshift ODBC Driver, and would need to be patched by a cloud provider\u2014something organizations should follow up on, Liska said.\n\n[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012>) and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130>) are RCE vulnerabilities found in Microsoft\u2019s LDAP service that are rated as critical. However, a caveat by Microsoft in its security bulletin noted that they are only exploitable \u201cif the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.\u201d That means that systems with the default value of this policy would not be vulnerable, the company said.\n\nWhile \u201chaving the MaxReceiveBuffer set to a higher value than the default\u201d seems an \u201cuncommon configuration,\u201d if an organization has this setting, it should prioritize patching these vulnerabilities, Liska observed.\n\nAnother critical RCE, [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>), is found in the Network File System (NFS) and has broad impact for Windows Server versions 2008 through 2022. However, this vulnerability only affects NFSV2 and NFSV3, and Microsoft has included instructions for disabling these [versions of the NFS in the bulletin](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>).\n\nAt the same time, Microsoft characterized the ease of exploitation of these vulnerabilities as \u201cExploitation More Likely,\u201d as was the case with a similar vulnerability, [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an actively exploited zero day in the TCP/IP protocol stack in Windows server that [was patched](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) in August 2021.\n\n\u201cGiven the similarities between these vulnerabilities and those of August of 2021, we could all be in store for a rough May,\u201d Liska noted.\n\n## **Another Important Flaw Fixed**\n\nOf the other flaws, another \u201cimportant\u201d one to note is [CVE-2022-22019](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019>), a companion vulnerability to three previously disclosed and patched flaws found in Microsoft\u2019s Remote Procedure Call (RPC) runtime library.\n\nThe vulnerability, discovered by Akamai researcher Ben Barnea, takes advantage of three RPC runtime library flaws that Microsoft had patched in April\u2013[CVE-2022-26809](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809>), [CVE-2022-24492](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492>) and [CVE-2022-24528](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528>), he revealed in [a blog post Tuesday](<https://www.akamai.com/blog/security/rpc-runtime-patch-tuesday-take-two>). The flaws affected Windows 7, 8, 10 and 11, and Windows Servers 2008, 2012, 2019 and 2022, and could allow a remote, unauthenticated attacker to execute code on the vulnerable machine with the privileges of the RPC service.\n\nAkamai researchers discovered that the previous patch only partially addressed the problem, allowing the new vulnerability to create the same integer overflow that was supposed to be fixed, he explained.\n\n\u201cDuring our research, we found that right before allocating memory for the new coalesced buffer, the code adds another 24 bytes to the allocation size,\u201d Barnea wrote in the post. \u201cThese 24 bytes are the size of a struct called \u2018rpcconn_request_hdr_t,\u2019 which serves as the buffer header.\u201d\n\nThe previous patch performs the check for integer overflow before adding the header size, so it does not take into account this header\u2013which can lead to the same integer overflow that the patch was attempting to mitigate, he explained.\n\n\u201cThe new patch adds another call to validate that the addition of 24 bytes does not overflow,\u201d mitigating the problem, Barnea wrote.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T11:12:11", "type": "threatpost", "title": "Actively Exploited Zero-Day Bug Patched by Microsoft", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2022-22012", "CVE-2022-22019", "CVE-2022-24492", "CVE-2022-24528", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-26937", "CVE-2022-29130", "CVE-2022-29972"], "modified": "2022-05-11T11:12:11", "id": "THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F", "href": "https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2021-08-21T10:08:03", "description": "**Microsoft** today released software updates to plug at least 44 security vulnerabilities in its **Windows** operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching **Windows 10** PCs and **Windows Server 2019** machines.\n\n\n\nMicrosoft said attackers have seized upon [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>), which is a weakness in the **Windows Update Medic** service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.\n\nRedmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an "elevation of privilege" vulnerability that affects Windows 10 and **Windows Server 2019**, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.\n\n"CVE-2021-36948 is a privilege escalation vulnerability - the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts," said **Kevin Breen** of [Immersive Labs](<https://www.immersivelabs.com>). "In the case of ransomware attacks, they have also been used to ensure maximum damage."\n\nAccording to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer -- and with little to no help from users. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.\n\nLast month, the company rushed out an emergency update to patch "[PrintNightmare](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>)" -- a critical hole in its Windows Print Spooler software that was being attacked in the wild. Since then, a number of researchers have discovered holes in that patch, allowing them to circumvent its protections.\n\nToday's Patch Tuesday fixes another critical Print Spooler flaw ([CVE-2021-36936](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>)), but it's not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said **Dustin Childs** at **Trend Micro's Zero Day Initiative**.\n\n"Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug," Childs said.\n\nMicrosoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.\n\n"Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges," Microsoft said in a blog post. "This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>)."\n\nAugust brings yet another critical patch ([CVE-2021-34535](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>)) for the **Windows Remote Desktop** service, and this time the flaw is in the Remote Desktop client instead of the server.\n\n[CVE-2021-26424](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>) -- a scary, critical bug in the **Windows TCP/IP** component -- earned a CVSS score of 9.9 (10 is the worst), and is present in **Windows 7** through **Windows 10**, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).\n\nMicrosoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label "exploitation more likely," meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/>) from the **SANS Internet Storm Center**. And it's not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/defcon-2-august-updates-include-print-spooler-fixes/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T21:12:58", "type": "krebs", "title": "Microsoft Patch Tuesday, August 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-10T21:12:58", "id": "KREBS:AE87E964E683A56CFE4E51E96F3530AD", "href": "https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-20T03:29:17", "description": "**Microsoft **today released updates to fix at least 74 separate security problems in its **Windows **operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.\n\n\n\nBy all accounts, the most urgent bug Microsoft addressed this month is [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>), a weakness in a central component of Windows security (the "**Local Security Authority**" process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.\n\n**Greg Wiseman**, product manager for **Rapid7**, said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.\n\n"This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication," Wiseman said. "This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers."\n\nWiseman said the most recent time Microsoft patched a similar vulnerability -- last August in [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) -- it was also being exploited in the wild under the name "[PetitPotam](<https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>)."\n\n"CVE-2021-36942 was so bad it made CISA\u2019s [catalog of Known Exploited Vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)," Wiseman said.\n\nSeven of the flaws fixed today earned Microsoft's most-dire "critical" label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.\n\nAmong those is [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>), which carries a CVSS score of 9.8, and affects services using the **Windows Network File System** (NFS). **Trend Micro's Zero Day Initiative** notes that this bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.\n\n"NFS isn\u2019t on by default, but it\u2019s prevalent in environment where Windows systems are mixed with other OSes such as Linux or Unix," ZDI's **Dustin Childs** [wrote](<https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review>). "If this describes your environment, you should definitely test and deploy this patch quickly."\n\nOnce again, this month's Patch Tuesday is sponsored by **Windows Print Spooler**, a core Windows service that keeps spooling out the security hits. May's patches include four fixes for Print Spooler, including two information disclosure and two elevation of privilege flaws.\n\n"All of the flaws are rated as important, and two of the three are considered more likely to be exploited," said **Satnam Narang**, staff research engineer at **Tenable**. "Windows Print Spooler continues to remain a valuable target for attackers since [PrintNightmare was disclosed nearly a year ago](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>). Elevation of Privilege flaws in particular should be carefully prioritized, as we\u2019ve seen ransomware groups like Conti favor them as part of its playbook."\n\nOther Windows components that received patches this month include **.NET** and **Visual Studio**, **Microsoft Edge** (Chromium-based), **Microsoft Exchange Server**, **Office,** **Windows Hyper-V**,** Windows Authentication Methods**, **BitLocker**, **Remote Desktop Client**, and **Windows Point-to-Point Tunneling Protocol**.\n\nAlso today, Adobe issued five security bulletins to address at least 18 flaws in **Adobe CloudFusion**, **Framemaker**, **InCopy**, **InDesign**, and **Adobe Character Animator**. Adobe said it is not aware of any exploits in the wild for any of the issues addressed in today's updates.\n\nFor a more granular look at the patches released by Microsoft today and indexed by severity and other metrics, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com>) usually has the skinny on any patches that may be causing problems for Windows users.\n\nAs always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T02:34:59", "type": "krebs", "title": "Microsoft Patch Tuesday, May 2022 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-26925", "CVE-2022-26937"], "modified": "2022-05-11T02:34:59", "id": "KREBS:5FA70C019AB463F5E02A97C6891685D8", "href": "https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-08-11T14:38:54", "description": "The sheer number of patches (44 security vulnerabilities) should be enough to scare us, but unfortunately we have gotten used to those numbers. In fact, 44 is a low number compared to what we have seen on recent Patch Tuesdays. So what are the most notable vulnerabilities that were patched.\n\n * One actively exploited vulnerability\n * One vulnerability that has a CVSS score of 9.9 out of 10\n * And yet another attempt to fix PrintNightmare\n\nLet\u2019s go over these worst cases to get an idea of what we are up against.\n\n### CVEs\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\n### Actively exploited\n\n[CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) is an [elevation of privilege (EoP)](<https://blog.malwarebytes.com/glossary/privilege-escalation/>) vulnerability in the Windows Update Medic Service. The Windows Update Medic Service is a background service that was introduced with Windows 10 and handles the updating process. Its only purpose is to repair the Windows Update service so that your PC can continue to receive updates unhindered. Besides on Windows 10 it also runs on Windows Server 2019. According to Microsoft CVE-2021-36948 is being actively exploited, but it is not aware of exploit code publicly available. [Reportedly](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>), the exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversaries toolbox. The bug is only locally exploitable, but local elevation of privilege is exactly what ransomware gangs will be looking to do after breaching a network, for example.\n\n### 9.9 out of 10\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is a [Remote Code Execution (RCE)](<https://blog.malwarebytes.com/glossary/remote-code-execution-rce-attack/>) vulnerability in Windows TCP/IP. This is remotely exploitable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host. This vulnerability exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\nThis vulnerability received a CVSS score of 9.9 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.\n\n### 9.8 out of 10\n\nAnother high scorer is [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an RCE in the Windows Services for NFS ONCRPC XDR Driver. Open Network Computing (ONC) Remote Procedure Call (RPC) is a remote procedure call system. ONC was originally developed by Sun Microsystems. The NFS protocol is independent of the type of operating system, network architecture, and transport protocols. The Windows service for the driver makes sure that Windows computers can use this protocol. This vulnerability got a high score because it is known to be easy to exploit and can be initiated remotely.\n\n### More RDP\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is an RCE in the Remote Desktop Client. Microsoft lists two exploit scenarios for this vulnerability:\n\n * In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.\n * In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.\n\nSince this is a client-side vulnerability, an attacker would have to convince a user to authenticate to a malicious RDP server, where the server could then trigger the bug on the client side. Combined with other RDP weaknesses however, this vulnerability would be easy to chain into a full system take-over.\n\n### Never-ending nightmare of PrintNightmare\n\nThe Print Spooler service was subject to yet more patching. The researchers behind PrintNightmare predicted that it would be a fertile ground for further discoveries, and they seem to be right. I\u2019d be tempted to advise Microsoft to start from scratch instead of patching patches on a very old chunk of code.\n\n[CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) an RCE vulnerability in Windows Print Spooler. A vulnerability that was publicly disclosed, which may be related to several bugs in Print Spooler that were identified by researchers over the past few months (presumably PrintNightmare).\n\n[CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>) and [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>) are RCE vulnerabilities that could allow attackers to run arbitrary code with SYSTEM privileges.\n\nMicrosoft said the Print Spooler patch it pushed this time should address all publicly documented security problems with the service. In an unusual step, it has made a breaking change: \u201cToday we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.\u201d\n\nTo be continued, we suspect.\n\nThe post [PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-11T12:16:17", "type": "malwarebytes", "title": "PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-11T12:16:17", "id": "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:15", "description": "[](<https://thehackernews.com/images/-KFVbzvrTdtw/YRNbSwawxnI/AAAAAAAADfg/bEuoCVHmHHw4ycTXfnhAqcyuUoWDf2W7gCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft on Tuesday rolled out [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug>) to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild.\n\nThe update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to [seven security flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) it patched in the Microsoft Edge browser on August 5.\n\nChief among the patched issues is [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service \u2014 a service that enables remediation and protection of Windows Update components \u2014 which could be abused to run malicious programs with escalated permissions.\n\nMicrosoft's Threat Intelligence Center has been credited with reporting the flaw, although the company refrained from sharing additional specifics or detail on how widespread those attacks were in light of active exploitation attempts.\n\nTwo of the security vulnerabilities are publicly known at the time of release -\n\n * [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) (CVSS score: 9.8) - Windows LSA Spoofing Vulnerability\n * [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability\n\nWhile CVE-2021-36942 contains fixes to secure systems against NTLM relay attacks like [PetitPotam](<https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html>) by blocking the LSARPC interface, CVE-2021-36936 resolves yet another remote code execution flaw in the Windows Print Spooler component.\n\n\"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM,\" Microsoft said in its advisory for CVE-2021-36942; adding the \"security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.\"\n\nCVE-2021-36936 is also one among the three flaws in the Print Spooler service that Microsoft has fixed this month, with the two other vulnerabilities being [CVE-2021-36947](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36947>) and (CVSS score: 8.2) and [CVE-2021-34483](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483>) (CVSS score: 7.8), the latter of which concerns an elevation of privilege vulnerability.\n\nIn addition, Microsoft has released [security updates](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>) to resolve a previously disclosed remote code execution in the Print Spooler service tracked as [CVE-2021-34481](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) (CVSS score: 8.8). This changes the default behavior of the \"[Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>)\" feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.\n\nAnother critical flaw remediated as part of Patch Tuesday updates is [CVE-2021-26424](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26424>) (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP, which Microsoft notes \"is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host utilizing the TCP/IP Protocol Stack (tcpip.sys) to process packets.\"\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-08-01>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Juniper Networks](<https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-August/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T05:31:00", "type": "thn", "title": "Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-11T05:31:39", "id": "THN:F601EBBE359B3547B8E79F0217562FEF", "href": "https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-29T03:59:29", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjRrnxKtJzXQbaLrPRY2GEIij8so07HImMs9wbPTTP-j92ED6wxTFv-NdQyw_Z0JBlqIYh-H3g2WKAcIkt70zKcB5AxP9KcQgCqChBwNsYPu9CQ_Xp6uBmkhxyoNZpHZIIQrV5TkreAFNBg-kFpOzjxBYxhl5bZqKZH6j9zgyd3itncGVyM5L09fy-c/s728-e100/windows-hacker.jpg>)\n\nA cyber mercenary that \"ostensibly sells general security and information analysis services to commercial customers\" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities.\n\nThe company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called [DSIRF](<https://web.archive.org/web/20220713203741/https:/dsirf.eu/about/>) that's linked to the development and attempted sale of a piece of cyberweapon referred to as **Subzero**, which can be used to hack targets' phones, computers, and internet-connected devices.\n\n\"Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,\" the tech giant's cybersecurity teams [said](<https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/>) in a Wednesday report.\n\nMicrosoft is [tracking](<https://blogs.microsoft.com/on-the-issues/2022/07/27/private-sector-cyberweapons-psoas-knotweed/>) the actor under the moniker KNOTWEED, continuing its trend of terming PSOAs using names given to trees and shrubs. The company previously designated the name [SOURGUM](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) to Israeli spyware vendor Candiru.\n\nKNOTWEED is known to dabble in both access-as-a-service and [hack-for-hire](<https://thehackernews.com/2022/06/google-blocks-dozens-of-malicious.html>) operations, offering its toolset to third parties as well as directly associating itself in certain attacks.\n\nWhile the former entails the sales of end-to-end hacking tools that can be used by the purchaser in their own operations without the involvement of the offensive actor, hack-for-hire groups run the targeted operations on behalf of their clients.\n\nThe deployment of Subzero is said to have transpired through the exploitation of numerous issues, including an attack chain that abused an unknown Adobe Reader remote code execution (RCE) flaw and a zero-day privilege escalation bug ([CVE-2022-22047](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>)), the latter of which was addressed by Microsoft as part of its July Patch Tuesday updates.\n\n\"The exploits were packaged into a PDF document that was sent to the victim via email,\" Microsoft explained. \"CVE-2022-22047 was used in KNOTWEED related attacks for privilege escalation. The vulnerability also provided the ability to escape sandboxes and achieve system-level code execution.\"\n\nSimilar attack chains observed in 2021 leveraged a combination of two Windows privilege escalation exploits (CVE-2021-31199 and CVE-2021-31201) in conjunction with an Adobe reader flaw (CVE-2021-28550). The three vulnerabilities were [resolved](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) in June 2021.\n\nThe deployment of Subzero subsequently occurred through a fourth exploit, this time taking advantage of a privilege escalation vulnerability in the Windows Update Medic Service ([CVE-2021-36948](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>)), which was closed by Microsoft in August 2021.\n\nBeyond these exploit chains, Excel files masquerading as real estate documents have been used as a conduit to deliver the malware, with the files containing [Excel 4.0 macros](<https://thehackernews.com/2022/01/emotet-now-using-unconventional-ip.html>) designed to kick-start the infection process.\n\nRegardless of the method employed, the intrusions culminate in the execution of shellcode, which is used to retrieve a second-stage payload called Corelump from a remote server in the form of a JPEG image that also embeds a loader named Jumplump that, in turn, loads Corelump into memory.\n\nThe evasive implant comes with a wide range of capabilities, including keylogging, capturing screenshots, exfiltrating files, running a remote shell, and running arbitrary plugins downloaded from the remote server.\n\nAlso deployed during the attacks were bespoke utilities like Mex, a command-line tool to run open source security software like Chisel, and PassLib, a tool to dump credentials from web browsers, email clients, and the Windows credential manager.\n\nMicrosoft said it uncovered KNOTWEED actively serving malware since February 2020 through infrastructure hosted on DigitalOcean and Choopa, alongside identifying subdomains that are used for malware development, debugging Mex, and staging the Subzero payload.\n\nMultiple links have also been unearthed between DSIRF and the malicious tools used in KNOTWEED's attacks.\n\n\"These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF,\" Redmond noted.\n\nSubzero is no different from off-the-shelf malware such as [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>), [Predator](<https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html>), [Hermit](<https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html>), and [DevilsTongue](<https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html>), which are capable of infiltrating phones and Windows machines to remotely control the devices and siphon off data, sometimes without requiring the user to click on a malicious link.\n\nIf anything, the latest findings highlight a burgeoning international market for such sophisticated surveillance technologies to carry out targeted attacks aimed at members of civil society.\n\nAlthough companies that sell commercial spyware advertise their wares as a means to tackle serious crimes, evidence gathered so far has found [several instances](<https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html>) of these tools being misused by authoritarian governments and private organizations to snoop on human rights advocates, journalists, dissidents, and politicians.\n\nGoogle's Threat Analysis Group (TAG), which is tracking over 30 vendors that hawk exploits or surveillance capabilities to state-sponsored actors, said the booming ecosystem underscores \"the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments.\"\n\n\"These vendors operate with deep technical expertise to develop and operationalize exploits,\" TAG's Shane Huntley [said](<https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/>) in a testimony to the U.S. House Intelligence Committee on Wednesday, adding, \"its use is growing, fueled by demand from governments.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T11:18:00", "type": "thn", "title": "Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-36948", "CVE-2022-22047"], "modified": "2022-07-29T02:58:07", "id": "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "href": "https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:14", "description": "[](<https://thehackernews.com/images/-YB6xMmNkBp0/YRYuIvxMidI/AAAAAAAADhg/a2Ee5QkoQZw6JlnYhCIdg3Nk-HM2yu2wwCLcBGAsYHQ/s0/ransomware.jpg>)\n\nRansomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.\n\n\"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward,\" Cisco Talos [said](<https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html>) in a report published Thursday, corroborating an [independent analysis](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea.\n\nWhile Magniber ransomware was first spotted in late 2017 singling out victims in South Korea through malvertising campaigns, Vice Society is a new entrant that emerged on the ransomware landscape in mid-2021, primarily targeting public school districts and other educational institutions. The attacks are said to have taken place since at least July 13.\n\nSince June, a series of \"PrintNightmare\" issues affecting the Windows print spooler service has come to light that could enable remote code execution when the component performs privileged file operations -\n\n * [**CVE-2021-1675**](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on June 8)\n * [**CVE-2021-34527**](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on July 6-7)\n * [**CVE-2021-34481**](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-36936**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10) \n * [**CVE-2021-36947**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-34483**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Elevation of Privilege Vulnerability (Patched on August 10)\n * [**CVE-2021-36958**](<https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Unpatched)\n\nCrowdStrike noted it was able to successfully prevent attempts made by the Magniber ransomware gang at exploiting the PrintNightmare vulnerability.\n\nVice Society, on the other hand, leveraged a variety of techniques to conduct post-compromise discovery and reconnaissance prior to bypassing native Windows protections for credential theft and privilege escalation.\n\n[](<https://thehackernews.com/images/-JlsTWIHVgX4/YRYltMOGBKI/AAAAAAAADhQ/pzUFIcW6y0ABjOe3PuUQE5cPSnEOvGP9ACLcBGAsYHQ/s0/ransomware.jpg>)\n\nSpecifically, the attacker is believed to have used a malicious library associated with the PrintNightmare flaw (CVE-2021-34527) to pivot to multiple systems across the environment and extract credentials from the victim.\n\n\"Adversaries are constantly refining their approach to the ransomware attack lifecycle as they strive to operate more effectively, efficiently, and evasively,\" the researchers said. \"The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-13T08:29:00", "type": "thn", "title": "Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34527", "CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-13T08:32:51", "id": "THN:6428957E9DED493169A2E63839F98667", "href": "https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005030.NASL", "href": "https://www.tenable.com/plugins/nessus/152435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152435);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005030\");\n script_xref(name:\"MSFT\", value:\"MS21-5005030\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005030-os-build-17763-2114-cec503ed-cc09-4641-bdc1-988153e0bd9a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34b43ea5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005030.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005030'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:17763,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005030])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:18", "description": "The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005040.NASL", "href": "https://www.tenable.com/plugins/nessus/152422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152422);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005040\");\n script_xref(name:\"MSFT\", value:\"MS21-5005040\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005040-os-build-10240-19022-e8bbfa7a-1012-4e18-a2d7-8ae6a8acf8fb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cab780fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005040.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005040'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:10240,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005040])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005031: Windows 10 Version 1909 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005031.NASL", "href": "https://www.tenable.com/plugins/nessus/152430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005031\");\n script_xref(name:\"MSFT\", value:\"MS21-5005031\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005031: Windows 10 Version 1909 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005031-os-build-18363-1734-8af726da-a39b-417d-a5fb-670c42d69e78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?819616f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005031.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005031'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:18363,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005031])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:07:27", "description": "The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005033.NASL", "href": "https://www.tenable.com/plugins/nessus/152431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152431);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26431\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005033\");\n script_xref(name:\"MSFT\", value:\"MS21-5005033\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431,\n CVE-2021-34483, CVE-2021-34484, CVE-2021-34486,\n CVE-2021-34487, CVE-2021-34536, CVE-2021-34537,\n CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005033-os-builds-19041-1165-19042-1165-and-19043-1165-b4c77d08-435a-4833-b9f7-e092372079a4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?526975a8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-08';\nvar kbs = make_list(\n '5005033'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19041,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19042,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19043,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:50", "description": "The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005043.NASL", "href": "https://www.tenable.com/plugins/nessus/152434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152434);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005043\");\n script_xref(name:\"MSFT\", value:\"MS21-5005043\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34487, CVE-2021-34536,\n CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005043-os-build-14393-4583-709d481e-b02a-4eb9-80d9-75c4b8170240\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5193663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005043.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005043'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:14393,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005043])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:06", "description": "The remote Windows host is missing security update 5005089 or cumulative update 5005088. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005089.NASL", "href": "https://www.tenable.com/plugins/nessus/152436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152436);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/30\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005088\");\n script_xref(name:\"MSKB\", value:\"5005089\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005088\");\n script_xref(name:\"MSFT\", value:\"MS21-5005089\");\n\n script_name(english:\"KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005089\nor cumulative update 5005088. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005089-security-only-update-28805642-8266-40f9-a2be-9003329f661c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?383d9541\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005088-monthly-rollup-69ec750d-30ee-4cbd-82eb-0b1ec2fd5f78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d931097\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005089 or Cumulative Update KB5005088.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005089',\n '5005088'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005089, 5005088])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005094 or cumulative update 5005099. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005094: Windows Server 2012 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005094.NASL", "href": "https://www.tenable.com/plugins/nessus/152421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152421);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005094\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005099\");\n script_xref(name:\"MSFT\", value:\"MS21-5005094\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005099\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005094: Windows Server 2012 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005094\nor cumulative update 5005099. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005094-security-only-update-276b95ad-c923-454c-8758-5b90175d86cc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed9c2c14\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005099-monthly-rollup-34a20feb-f899-4d10-91e0-d5ab32c4e009\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9af3c64c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005094 or Cumulative Update KB5005099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005099',\n '5005094'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005099, 5005094])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005106 or cumulative update 5005076. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005106: Windows Server 2012 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005106.NASL", "href": "https://www.tenable.com/plugins/nessus/152433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152433);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005076\");\n script_xref(name:\"MSKB\", value:\"5005106\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005076\");\n script_xref(name:\"MSFT\", value:\"MS21-5005106\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005106: Windows Server 2012 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005106\nor cumulative update 5005076. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005076-monthly-rollup-bf677fed-96d9-475e-87c1-a053fa75fef7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e0382f6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005106-security-only-update-d1ab5a34-55c1-4f66-8776-54a0c3bf40a7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57da6a50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005106 or Cumulative Update KB5005076.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005106',\n '5005076'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005106, 5005076])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:21", "description": "The Windows Remote Desktop client for Windows installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code.", "cvss3": {}, "published": "2021-08-19T00:00:00", "type": "nessus", "title": "Remote Desktop client for Windows RCE (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_RDC.NASL", "href": "https://www.tenable.com/plugins/nessus/152669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152669);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/20\");\n\n script_cve_id(\"CVE-2021-34535\");\n\n script_name(english:\"Remote Desktop client for Windows RCE (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by a remote code\nexecution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows Remote Desktop client for Windows installed on the remote\nhost is affected by a remote code execution vulnerability. An attacker who\nsuccessfully exploited the vulnerability could execute arbitrary code.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2a45a5b\");\n # https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-122223\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb5c6218\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to client version 1.2.2223 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"remote_desktop_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Remote Desktop\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar appname = \"Microsoft Remote Desktop\";\n\nvar app_info = vcf::get_app_info(app:appname, win_local:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.2.2223.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:49", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a memory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-25T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_AUG_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/152432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152432);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/25\");\n\n script_cve_id(\"CVE-2021-34480\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005076\");\n script_xref(name:\"MSKB\", value:\"5005088\");\n script_xref(name:\"MSKB\", value:\"5005090\");\n script_xref(name:\"MSKB\", value:\"5005099\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005076\");\n script_xref(name:\"MSFT\", value:\"MS21-5005088\");\n script_xref(name:\"MSFT\", value:\"MS21-5005090\");\n script_xref(name:\"MSFT\", value:\"MS21-5005099\");\n\n script_name(english:\"Security Updates for Internet Explorer (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a\nmemory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute\narbitrary commands. (CVE-2021-34480)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005099\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5005036\n -KB5005076\n -KB5005088\n -KB5005090\n -KB5005099\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34480\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-08';\nvar kbs = make_list(\n '5005036',\n '5005076',\n '5005088',\n '5005090',\n '5005099'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && '8.1' >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif ('Vista' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.3', sp:0, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.2', sp:0, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.1', sp:1, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:'6.0', sp:2, file:'mshtml.dll', version:'9.0.8112.21581', min_version:'9.0.8112.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036')\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5005036 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == '6.3')\n {\n report += ' - KB5005076 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005076', report);\n }\n else if(os == '6.2')\n {\n report += ' - KB5005099 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005099', report);\n }\n else if(os == '6.1')\n {\n report += ' - KB5005088 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005088', report);\n }\n else if(os == '6.0')\n {\n report += ' - KB5005090 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005090', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005095 or cumulative update 5005090. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005095: Windows Server 2008 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005095.NASL", "href": "https://www.tenable.com/plugins/nessus/152425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152425);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005095\");\n script_xref(name:\"MSKB\", value:\"5005090\");\n script_xref(name:\"MSFT\", value:\"MS21-5005095\");\n script_xref(name:\"MSFT\", value:\"MS21-5005090\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005095: Windows Server 2008 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005095\nor cumulative update 5005090. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-36936, CVE-2021-36937,\n CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-36927)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005095-security-only-update-a324fdbb-ce90-4c4d-8d9d-e9f2f2a57e0e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de72daa6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005090-monthly-rollup-8feea9cd-25f9-41ef-b8e1-815211dc4e6c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?910509c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005095 or Cumulative Update KB5005090.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005095',\n '5005090'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005095, 5005090])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page. **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the July 13, 2021 servicing stack update (SSU) (KB5004748) or the latest SSU (KB5005412) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005031>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005031](<https://download.microsoft.com/download/5/9/0/5901bffe-66e8-4289-9077-b87ae1af9813/5005031.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005031 (OS Build 18363.1734)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005031", "href": "https://support.microsoft.com/en-us/help/5005031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1159) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 19041.1161, 19042.1161, and 19043.1161\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005033>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005033](<https://download.microsoft.com/download/1/e/e/1eeb7268-cb6a-4865-a98b-9c51f0ec7beb/5005033.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1161, 19042.1161, and 19043.1161](<https://download.microsoft.com/download/f/7/4/f74513f3-7838-4538-89f5-8be86d571826/SSU_version_19041_1161.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005033 (OS Builds 19041.1165, 19042.1165, and 19043.1165)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005033", "href": "https://support.microsoft.com/en-us/help/5005033", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.2114) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5005112) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005030>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005030](<https://download.microsoft.com/download/3/f/c/3fc996a5-7267-4a7c-9a5b-83ade06204dc/5005030.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005030 (OS Build 17763.2114)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005030", "href": "https://support.microsoft.com/en-us/help/5005030", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The August 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * The fixes that are included in this update are also included in the August 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from August 2021 or a later month is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the August 2021 Security-only Quality Update, and the August 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005036>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:32| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:39| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:43| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:41| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:42| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:53| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:49| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 21:06| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:05| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:04| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 12-Jul-2021| 19:01| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:07| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 20:22| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 21:21| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 22:01| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:09| 12,314,624 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:24| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:14| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:39| 516,096 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:43| 403,968 \n \n### Windows Server 2012\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 17-Jul-21| 1:30| 589,338 \nIe11-windows6.2-kb5005036-x86-express.cab| Not versioned| 17-Jul-21| 0:12| 729,960 \nIe11-windows6.2-kb5005036-x86.msu| Not versioned| 16-Jul-21| 23:39| 27,620,947 \nIe11-windows6.2-kb5005036-x86.psf| Not versioned| 16-Jul-21| 23:56| 184,407,260 \nPackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 1,133 \nPackagestructure.xml| Not versioned| 17-Jul-21| 1:30| 149,422 \nPrebvtpackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 573 \nIe11-windows6.2-kb5005036-x86.cab| Not versioned| 16-Jul-21| 23:23| 27,491,828 \nIe11-windows6.2-kb5005036-x86.xml| Not versioned| 16-Jul-21| 23:31| 450 \nWsusscan.cab| Not versioned| 16-Jul-21| 23:33| 173,630 \nUrlmon.dll| 11.0.9600.20091| 13-Jul-21| 3:21| 1,342,976 \nIexplore.exe| 11.0.9600.20091| 16-Jul-21| 18:01| 810,384 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,592 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 56,320 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 57,856 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 55,296 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,424 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 35,840 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 53,760 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nInetcpl.cpl| 11.0.9600.20091| 13-Jul-21| 3:37| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 307,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 293,888 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 290,304 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 299,008 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 303,104 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 282,112 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 283,648 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 291,840 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 299,520 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 275,968 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 293,376 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 258,048 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 256,512 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 288,256 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 285,184 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 297,472 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 288,768 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 286,208 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 281,600 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 286,720 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 292,352 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 242,176 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 243,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 243,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,080 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,712 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,936 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 39,424 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 51,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nJsproxy.dll| 11.0.9600.20091| 13-Jul-21| 4:01| 47,104 \nWininet.dll| 11.0.9600.20091| 13-Jul-21| 3:26| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 73,728 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 73,728 \nMsfeedsbs.dll| 11.0.9600.20091| 13-Jul-21| 3:45| 52,736 \nMsfeedsbs.mof| Not versioned| 13-Jul-21| 2:13| 1,574 \nMsfeedssync.exe| 11.0.9600.20091| 13-Jul-21| 4:07| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 13-Jul-21| 2:01| 3,228 \nMshtml.dll| 11.0.9600.20091| 13-Jul-21| 4:35| 20,293,632 \nMshtml.tlb| 11.0.9600.20091| 13-Jul-21| 4:16| 2,724,864 \nIeproxy.dll| 11.0.9600.20091| 13-Jul-21| 3:16| 310,784 \nIeshims.dll| 11.0.9600.20091| 13-Jul-21| 3:20| 290,304 \nIertutil.dll| 11.0.9600.20091| 13-Jul-21| 4:06| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 16-Jul-21| 18:01| 228,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 1,890,304 \nIeframe.dll| 11.0.9600.20091| 13-Jul-21| 3:43| 13,882,368 \nIeframe.ptxml| Not versioned| 13-Jul-21| 2:01| 24,486 \nInetres.adml| Not versioned| 16-Jul-21| 18:01| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:02| 751,382 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 526,344 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 499,706 \nInetres.adml| Not versioned| 16-Jul-21| 18:04| 552,386 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 944,609 \nInetres.adml| Not versioned| 16-Jul-21| 18:38| 457,561 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 543,997 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 751,359 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 526,606 \nInetres.adml| Not versioned| 16-Jul-21| 18:07| 575,887 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 751,329 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 570,784 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 548,169 \nInetres.adml| Not versioned| 16-Jul-21| 18:10| 639,283 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 525,516 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 751,351 \nInetres.adml| Not versioned| 16-Jul-21| 18:12| 751,299 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 488,536 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 548,544 \nInetres.adml| Not versioned| 16-Jul-21| 18:14| 559,395 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 535,117 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 541,506 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 751,421 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 804,520 \nInetres.adml| Not versioned| 16-Jul-21| 18:17| 751,266 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,330 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,274 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 503,958 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 751,272 \nInetres.adml| Not versioned| 16-Jul-21| 18:20| 521,633 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 751,313 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 420,094 \nInetres.adml| Not versioned| 16-Jul-21| 18:22| 436,663 \nInetres.adml| Not versioned| 16-Jul-21| 18:23| 436,663 \nInetres.admx| Not versioned| 4-Mar-21| 22:09| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 29,184 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 35,328 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 37,888 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 27,648 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 33,792 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 23,040 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 22,016 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 31,232 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 35,840 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 34,816 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 32,256 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 30,720 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 16,384 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 16,896 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 16,896 \nJscript9.dll| 11.0.9600.20091| 13-Jul-21| 3:46| 4,119,040 \nJscript9diag.dll| 11.0.9600.20091| 13-Jul-21| 3:58| 620,032 \nJscript.dll| 5.8.9600.20091| 13-Jul-21| 3:58| 653,824 \nVbscript.dll| 5.8.9600.20091| 13-Jul-21| 4:07| 498,176 \nPackage.cab| Not versioned| 16-Jul-21| 23:31| 300,465 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 916,366| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64-express.cab| Not versioned| 1,226,553| 17-Jul-21| 0:15 \nIe11-windows6.2-kb5005036-x64.msu| Not versioned| 48,197,090| 16-Jul-21| 23:42 \nIe11-windows6.2-kb5005036-x64.psf| Not versioned| 282,907,689| 17-Jul-21| 0:02 \nPackageinfo.xml| Not versioned| 1,228| 17-Jul-21| 1:59 \nPackagestructure.xml| Not versioned| 239,770| 17-Jul-21| 1:59 \nPrebvtpackageinfo.xml| Not versioned| 652| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64.cab| Not versioned| 48,101,609| 16-Jul-21| 23:31 \nIe11-windows6.2-kb5005036-x64.xml| Not versioned| 452| 16-Jul-21| 23:31 \nWsusscan.cab| Not versioned| 172,370| 16-Jul-21| 23:36 \nUrlmon.dll| 11.0.9600.20091| 1,562,624| 13-Jul-21| 3:48 \nIexplore.exe| 11.0.9600.20091| 810,400| 16-Jul-21| 21:10 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 21:11 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:13 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 22:13 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:22 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:25 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:26 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:28 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:31 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:32 \nInetcpl.cpl| 11.0.9600.20091| 2,132,992| 13-Jul-21| 3:57 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 21:11 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:13 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 22:13 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:15 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:19 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 21:22 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:24 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 21:28 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:31 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:32 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 21:11 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:14 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 22:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:19 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 21:20 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:22 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:25 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:28 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:31 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:32 \nJsproxy.dll| 11.0.9600.20091| 54,784| 13-Jul-21| 4:32 \nWininet.dll| 11.0.9600.20091| 4,858,880| 13-Jul-21| 4:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 21:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 21:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 21:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 22:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 21:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 21:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 21:25 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 21:28 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:31 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:32 \nMsfeedsbs.dll| 11.0.9600.20091| 60,416| 13-Jul-21| 4:11 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:21 \nMsfeedssync.exe| 11.0.9600.20091| 13,312| 13-Jul-21| 4:39 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:13 \nMshtml.dll| 11.0.9600.20091| 25,757,696| 13-Jul-21| 5:22 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:50 \nIeproxy.dll| 11.0.9600.20091| 870,400| 13-Jul-21| 3:29 \nIeshims.dll| 11.0.9600.20091| 387,072| 13-Jul-21| 3:34 \nIertutil.dll| 11.0.9600.20091| 2,916,864| 13-Jul-21| 4:48 \nSqmapi.dll| 6.2.9200.16384| 286,112| 16-Jul-21| 21:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 21:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 21:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 21:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 22:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 21:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 21:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 21:23 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 21:26 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 21:30 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:32 \nIeframe.dll| 11.0.9600.20091| 15,507,456| 13-Jul-21| 4:26 \nIeframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:13 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:11 \nInetres.adml| Not versioned| 751,257| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 526,342| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 499,704| 16-Jul-21| 21:13 \nInetres.adml| Not versioned| 552,388| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 944,608| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 457,561| 16-Jul-21| 22:13 \nInetres.adml| Not versioned| 543,997| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 751,275| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 526,606| 16-Jul-21| 21:16 \nInetres.adml| Not versioned| 575,891| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 751,582| 16-Jul-21| 21:18 \nInetres.adml| Not versioned| 570,785| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 548,170| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 639,283| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 525,516| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 751,408| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 751,457| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 488,537| 16-Jul-21| 21:22 \nInetres.adml| Not versioned| 548,544| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 559,394| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 535,117| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 541,505| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 751,347| 16-Jul-21| 21:25 \nInetres.adml| Not versioned| 804,520| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,166| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,517| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 751,324| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 503,958| 16-Jul-21| 21:28 \nInetres.adml| Not versioned| 751,319| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 521,634| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 751,381| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 420,094| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:31 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:32 \nInetres.admx| Not versioned| 1,678,023| 13-Apr-21| 5:59 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 21:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 22:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 21:19 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 21:22 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:25 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:28 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:31 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:32 \nJscript9.dll| 11.0.9600.20091| 5,507,584| 13-Jul-21| 5:01 \nJscript9diag.dll| 11.0.9600.20091| 814,592| 13-Jul-21| 4:28 \nJscript.dll| 5.8.9600.20091| 785,408| 13-Jul-21| 4:29 \nVbscript.dll| 5.8.9600.20091| 580,608| 13-Jul-21| 4:39 \nIexplore.exe| 11.0.9600.20091| 810,384| 16-Jul-21| 18:01 \nMshtml.dll| 11.0.9600.20091| 20,293,632| 13-Jul-21| 4:35 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:16 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:04 \nIe9props.propdesc| Not versioned| 2,843| 4-Mar-21| 21:47 \nIeframe.dll| 11.0.9600.20091| 13,882,368| 13-Jul-21| 3:43 \nWow64_ieframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:04 \nJscript9.dll| 11.0.9600.20091| 4,119,040| 13-Jul-21| 3:46 \nJscript9diag.dll| 11.0.9600.20091| 620,032| 13-Jul-21| 3:58 \nJscript.dll| 5.8.9600.20091| 653,824| 13-Jul-21| 3:58 \nVbscript.dll| 5.8.9600.20091| 498,176| 13-Jul-21| 4:07 \nUrlmon.dll| 11.0.9600.20091| 1,342,976| 13-Jul-21| 3:21 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 18:01 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:02 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:03 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:38 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 18:07 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:09 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:11 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 18:14 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:17 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nInetcpl.cpl| 11.0.9600.20091| 2,058,752| 13-Jul-21| 3:37 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 18:01 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 18:02 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 18:38 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:05 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 18:06 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 18:09 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 18:11 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 18:14 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:16 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 18:19 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:22 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:23 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 18:01 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:02 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:04 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:38 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:07 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:09 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:11 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:14 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:17 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:20 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:21 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nJsproxy.dll| 11.0.9600.20091| 47,104| 13-Jul-21| 4:01 \nWininet.dll| 11.0.9600.20091| 4,387,840| 13-Jul-21| 3:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 18:01 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:02 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 18:03 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 18:38 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 18:07 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 18:10 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:23 \nMsfeedsbs.dll| 11.0.9600.20091| 52,736| 13-Jul-21| 3:45 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:13 \nMsfeedssync.exe| 11.0.9600.20091| 11,776| 13-Jul-21| 4:07 \nIeproxy.dll| 11.0.9600.20091| 310,784| 13-Jul-21| 3:16 \nIeshims.dll| 11.0.9600.20091| 290,304| 13-Jul-21| 3:20 \nIertutil.dll| 11.0.9600.20091| 2,308,608| 13-Jul-21| 4:06 \nSqmapi.dll| 6.2.9200.16384| 228,240| 16-Jul-21| 18:01 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 18:04 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 18:38 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 18:06 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 18:08 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 18:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 18:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 18:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:23 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 18:01 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:02 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:04 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:38 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:07 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:09 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:12 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:14 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:17 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:19 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:22 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:23 \nPackage.cab| Not versioned| 302,207| 16-Jul-21| 23:31 \n \n### Windows 7 and Windows Server 2008 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 230,912 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 489,472 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 38,912 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:01| 11,892 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 20:41| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:01| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 104,960 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 4-Mar-2021| 13:55| 85,548 \nWindows Information Bar.wav| Not versioned| 4-Mar-2021| 13:55| 23,308 \nWindows Feed Discovered.wav| Not versioned| 4-Mar-2021| 13:55| 19,884 \nWindows Navigation Start.wav| Not versioned| 4-Mar-2021| 13:55| 11,340 \nbing.ico| Not versioned| 4-Mar-2021| 13:48| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 11:52| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 20:56| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:36| 692,224 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 154,112 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 124,928 \nTimeline.cpu.xml| Not versioned| 4-Mar-2021| 13:43| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:01| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:29| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:30| 751,414 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 526,343 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 499,703 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 552,389 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 944,609 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:33| 543,995 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 751,408 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 526,606 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:35| 575,889 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 751,197 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 570,785 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 548,169 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:38| 639,283 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 525,516 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 751,384 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:40| 751,453 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 488,537 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 548,546 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 559,393 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 535,116 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:43| 541,504 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 751,242 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 804,523 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 751,445 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 503,958 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:47| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 521,632 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:49| 420,094 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \ninetres.admx| Not versioned| 4-Mar-2021| 14:09| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 20:53| 668,672 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.20091| 14-Jul-2021| 11:23| 810,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:57| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 21:14| 276,480 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 35,328 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 11,264 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 9,216 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:32| 54,784 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 73,728 \niedkcs32.dll| 18.0.9600.20091| 14-Jul-2021| 11:23| 390,528 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 12-Apr-2021| 22:55| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 21:13| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:41| 666,624 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:43| 50,176 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 21:19| 491,008 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:13| 11,892 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 21:17| 245,248 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:45| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 372,224 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:21| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:21| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 60,416 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:39| 13,312 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:38| 417,280 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 92,672 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:57| 1,359,872 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:50| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:13| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 116,224 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 48,640 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:50| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:31| 222,720 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 870,400 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:34| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 12-Apr-2021| 22:57| 85,548 \nWindows Information Bar.wav| Not versioned| 12-Apr-2021| 22:57| 23,308 \nWindows Feed Discovered.wav| Not versioned| 12-Apr-2021| 22:57| 19,884 \nWindows Navigation Start.wav| Not versioned| 12-Apr-2021| 22:57| 11,340 \nbing.ico| Not versioned| 12-Apr-2021| 22:56| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 12:32| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 1,862,656 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:37| 88,064 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,217,024 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 21:07| 152,064 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 262,144 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 199,680 \nicrav03.rat| Not versioned| 12-Apr-2021| 22:55| 8,798 \nticrf.rat| Not versioned| 12-Apr-2021| 22:55| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:48| 2,916,864 \nsqmapi.dll| 6.2.9200.16384| 14-Jul-2021| 11:23| 286,088 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 728,064 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 34,304 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 66,560 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:09| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 107,520 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 219,648 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 172,032 \nTimeline.cpu.xml| Not versioned| 12-Apr-2021| 22:55| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 1,018,880 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 21:30| 615,936 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:13| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 21:08| 492,032 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:24| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 751,268 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 526,344 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 499,704 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 552,384 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:27| 944,610 \nInetRes.adml| Not versioned| 14-Jul-2021| 12:32| 457,561 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 543,995 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 751,402 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:29| 526,608 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 575,890 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 751,351 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 570,787 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:32| 548,169 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 639,283 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 525,516 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,362 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,276 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:35| 488,538 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 548,545 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 559,392 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 535,119 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 541,503 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:38| 751,379 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 804,522 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 751,404 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:40| 751,525 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 751,407 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 503,960 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 751,417 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 521,632 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 751,304 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 420,094 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:44| 436,663 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:45| 436,663 \ninetres.admx| Not versioned| 12-Apr-2021| 22:59| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 21:22| 970,752 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 21:28| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:04| 3,228 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nie9props.propdesc| Not versioned| 4-Mar-2021| 13:47| 2,843 \nwow64_ieframe.ptxml| Not versioned| 12-Jul-2021| 19:04| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \n \n### Windows Server 2008\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:44| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,391,616 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 14:38| 757,656 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 14:23| 1,494,528 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,395,200 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 97,280 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 14:23| 86,528 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 14:22| 76,800 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 887,808 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 452,608 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 281,600 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 729,088 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 14:01| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 14:01| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 55,296 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 11,264 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 12,800 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 14:26| 448,512 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 96,256 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 14:33| 18,812,416 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 14:22| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 223,744 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 550,912 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 173,056 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 499,200 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 14:39| 176,024 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 997,376 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 237,056 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 14:25| 10,944,000 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 14:21| 248,320 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 490,496 \nInetRes.adml| Not versioned| 13-Jul-2021| 14:43| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 141,312 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 818,176 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 14:29| 2,358,784 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 583,680 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n## **Information about protection and security**\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## **References**\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "KB5005036: Cumulative security update for Internet Explorer: August 10, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T07:00:00", "id": "KB5005036", "href": "https://support.microsoft.com/en-us/help/5005036", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004294](<https://support.microsoft.com/help/5004294>) (released previous July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389.](<https://support.microsoft.com/help/5005389>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005099>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005099](<https://download.microsoft.com/download/5/4/b/54b50378-2639-49db-8cb2-4b4241268317/5005099.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005099 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005099", "href": "https://support.microsoft.com/en-us/help/5005099", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005390>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005095](<https://download.microsoft.com/download/2/f/9/2f99a9fc-08b2-4463-9199-43e8f557ead0/5005095.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005095 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005095", "href": "https://support.microsoft.com/en-us/help/5005095", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004298](<https://support.microsoft.com/help/5004298>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391.](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005076>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005076](<https://download.microsoft.com/download/f/e/9/fe907252-2606-4ef8-b4cd-bfe1b3bbae60/5005076.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005076 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005076", "href": "https://support.microsoft.com/en-us/help/5005076", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005089>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005089](<https://download.microsoft.com/download/d/0/4/d0487f5c-6448-4a25-badb-8fcab6fc55bf/5005089.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005089 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005089", "href": "https://support.microsoft.com/en-us/help/5005089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:18", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions. If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005040>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005040](<https://download.microsoft.com/download/5/2/5/5258a9c1-9a52-4572-820f-3cf7336f0291/5005040.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005040 (OS Build 10240.19022)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36938", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005040", "href": "https://support.microsoft.com/en-us/help/5005040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389](<https://support.microsoft.com/help/5005389>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005094](<https://download.microsoft.com/download/4/d/f/4dfb503a-e6e6-464c-a027-c7cfe76e0792/5005094.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005094 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005094", "href": "https://support.microsoft.com/en-us/help/5005094", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004289](<https://support.microsoft.com/help/5004289>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**How to get this update****Symptom **| **Workaround ** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005088>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005088](<https://download.microsoft.com/download/5/1/c/51cfa686-f644-4875-b76b-610d21809361/5005088.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005088 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005088", "href": "https://support.microsoft.com/en-us/help/5005088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004305](<https://support.microsoft.com/help/5004305>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005390.](<https://support.microsoft.com/help/5005390>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005090>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005090](<https://download.microsoft.com/download/3/e/d/3ed5bcad-9cd8-4084-860a-0eeff78ed341/5005090.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005090 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005090", "href": "https://support.microsoft.com/en-us/help/5005090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005106>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005106](<https://download.microsoft.com/download/b/d/a/bda94068-ca0a-4edd-825a-7874cd775e75/5005106.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005106 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005106", "href": "https://support.microsoft.com/en-us/help/5005106", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**7/13/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates an issue that renders some Yu Gothic and Yu Mincho characters incorrectly in vertical writing mode. \n * Updates an issue with zoom that occurs when you use Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that renders some Yu Gothic and Yu Mincho characters incorrectly in vertical writing mode.\n * Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.\n * Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system continues to apply the previous settings instead of removing them. This issue occurs after installing the June 2020 or later updates and is most noticeable with roaming user profiles.\n * Addresses an issue in which an extra dereference against a sign in session causes **lsass.exe** to stop working after the user signs out.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005043>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005043](<https://download.microsoft.com/download/c/8/4/c84ac030-6839-4436-9f81-8090e3f21e79/5005043.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005043 (OS Build 14393.4583)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36938", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005043", "href": "https://support.microsoft.com/en-us/help/5005043", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-05-27T14:58:15", "description": "### *Detect date*:\n08/10/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2012 R2 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2016 \nWindows RT 8.1 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nRemote Desktop client for Windows Desktop \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-34533](<https://nvd.nist.gov/vuln/detail/CVE-2021-34533>) \n[CVE-2021-26424](<https://nvd.nist.gov/vuln/detail/CVE-2021-26424>) \n[CVE-2021-34537](<https://nvd.nist.gov/vuln/detail/CVE-2021-34537>) \n[CVE-2021-26425](<https://nvd.nist.gov/vuln/detail/CVE-2021-26425>) \n[CVE-2021-36936](<https://nvd.nist.gov/vuln/detail/CVE-2021-36936>) \n[CVE-2021-34483](<https://nvd.nist.gov/vuln/detail/CVE-2021-34483>) \n[CVE-2021-36937](<https://nvd.nist.gov/vuln/detail/CVE-2021-36937>) \n[CVE-2021-36942](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>) \n[CVE-2021-36947](<https://nvd.nist.gov/vuln/detail/CVE-2021-36947>) \n[CVE-2021-34484](<https://nvd.nist.gov/vuln/detail/CVE-2021-34484>) \n[CVE-2021-34535](<https://nvd.nist.gov/vuln/detail/CVE-2021-34535>) \n[CVE-2021-36927](<https://nvd.nist.gov/vuln/detail/CVE-2021-36927>) \n[CVE-2021-34480](<https://nvd.nist.gov/vuln/detail/CVE-2021-34480>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005090](<http://support.microsoft.com/kb/5005090>) \n[5005089](<http://support.microsoft.com/kb/5005089>) \n[5005036](<http://support.microsoft.com/kb/5005036>) \n[5005095](<http://support.microsoft.com/kb/5005095>) \n[5005088](<http://support.microsoft.com/kb/5005088>) \n[5011525](<http://support.microsoft.com/kb/5011525>) \n[5011534](<http://support.microsoft.com/kb/5011534>) \n[5011552](<http://support.microsoft.com/kb/5011552>) \n[5011529](<http://support.microsoft.com/kb/5011529>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "kaspersky", "title": "KLA12250 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-03-09T00:00:00", "id": "KLA12250", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12250/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:57:59", "description": "### *Detect date*:\n08/10/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, cause denial of service, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2016 \nWindows RT 8.1 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nRemote Desktop client for Windows Desktop \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36948](<https://nvd.nist.gov/vuln/detail/CVE-2021-36948>) \n[CVE-2021-26424](<https://nvd.nist.gov/vuln/detail/CVE-2021-26424>) \n[CVE-2021-26433](<https://nvd.nist.gov/vuln/detail/CVE-2021-26433>) \n[CVE-2021-36945](<https://nvd.nist.gov/vuln/detail/CVE-2021-36945>) \n[CVE-2021-26432](<https://nvd.nist.gov/vuln/detail/CVE-2021-26432>) \n[CVE-2021-36926](<https://nvd.nist.gov/vuln/detail/CVE-2021-36926>) \n[CVE-2021-36942](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>) \n[CVE-2021-36947](<https://nvd.nist.gov/vuln/detail/CVE-2021-36947>) \n[CVE-2021-34487](<https://nvd.nist.gov/vuln/detail/CVE-2021-34487>) \n[CVE-2021-34530](<https://nvd.nist.gov/vuln/detail/CVE-2021-34530>) \n[CVE-2021-34480](<https://nvd.nist.gov/vuln/detail/CVE-2021-34480>) \n[CVE-2021-34534](<https://nvd.nist.gov/vuln/detail/CVE-2021-34534>) \n[CVE-2021-36927](<https://nvd.nist.gov/vuln/detail/CVE-2021-36927>) \n[CVE-2021-34486](<https://nvd.nist.gov/vuln/detail/CVE-2021-34486>) \n[CVE-2021-36932](<https://nvd.nist.gov/vuln/detail/CVE-2021-36932>) \n[CVE-2021-34533](<https://nvd.nist.gov/vuln/detail/CVE-2021-34533>) \n[CVE-2021-34537](<https://nvd.nist.gov/vuln/detail/CVE-2021-34537>) \n[CVE-2021-36937](<https://nvd.nist.gov/vuln/detail/CVE-2021-36937>) \n[CVE-2021-36936](<https://nvd.nist.gov/vuln/detail/CVE-2021-36936>) \n[CVE-2021-26425](<https://nvd.nist.gov/vuln/detail/CVE-2021-26425>) \n[CVE-2021-34483](<https://nvd.nist.gov/vuln/detail/CVE-2021-34483>) \n[CVE-2021-26431](<https://nvd.nist.gov/vuln/detail/CVE-2021-26431>) \n[CVE-2021-26426](<https://nvd.nist.gov/vuln/detail/CVE-2021-26426>) \n[CVE-2021-34536](<https://nvd.nist.gov/vuln/detail/CVE-2021-34536>) \n[CVE-2021-34484](<https://nvd.nist.gov/vuln/detail/CVE-2021-34484>) \n[CVE-2021-34535](<https://nvd.nist.gov/vuln/detail/CVE-2021-34535>) \n[CVE-2021-36933](<https://nvd.nist.gov/vuln/detail/CVE-2021-36933>) \n[CVE-2021-36938](<https://nvd.nist.gov/vuln/detail/CVE-2021-36938>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[4023814](<http://support.microsoft.com/kb/4023814>) \n[5005036](<http://support.microsoft.com/kb/5005036>) \n[5005031](<http://support.microsoft.com/kb/5005031>) \n[5005033](<http://support.microsoft.com/kb/5005033>) \n[5005030](<http://support.microsoft.com/kb/5005030>) \n[5005106](<http://support.microsoft.com/kb/5005106>) \n[5005040](<http://support.microsoft.com/kb/5005040>) \n[5005099](<http://support.microsoft.com/kb/5005099>) \n[5005043](<http://support.microsoft.com/kb/5005043>) \n[5005076](<http://support.microsoft.com/kb/5005076>) \n[5005094](<http://support.microsoft.com/kb/5005094>) \n[5011535](<http://support.microsoft.com/kb/5011535>) \n[5011564](<http://support.microsoft.com/kb/5011564>) \n[5011560](<http://support.microsoft.com/kb/5011560>) \n[5011527](<http://support.microsoft.com/kb/5011527>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "kaspersky", "title": "KLA12259 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36945", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-10-18T00:00:00", "id": "KLA12259", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12259/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:30:41", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34534", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34534"], "modified": "2021-08-23T21:05:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34534", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:41", "description": "Windows Graphics Component Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34530", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34530"], "modified": "2021-08-23T20:47:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34530", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26432", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-23T11:59:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:42", "description": "Remote Desktop Client Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34535", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-23T20:57:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/a:microsoft:remote_desktop:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:remote_desktop:-:*:*:*:*:windows:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:51", "description": "Windows TCP/IP Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26424", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424"], "modified": "2021-08-20T13:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26424", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26424", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:39", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36948", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-20T18:58:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-36948", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:35", "description": "Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34480", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-09-16T13:10:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34480", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:39", "description": "Windows LSA Spoofing Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36942", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2022-04-01T13:10:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36942", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2023-05-23T15:35:40", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36958", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-24T15:32:00", "cpe": ["cpe:/o:microsoft:windows:-"], "id": "CVE-2021-36958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36958", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:38", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36947, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36936", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-20T19:04:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:39", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36947", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-20T18:58:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36947", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-05-23T16:35:57", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows MSHTML Platform Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34534"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34534", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34534", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Graphics Component Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Graphics Component Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34530"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34530", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:35", "description": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-12T07:00:00", "id": "MS:CVE-2021-26432", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:53", "description": "Remote Desktop Client Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Remote Desktop Client Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34535", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:39", "description": "Windows TCP/IP Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows TCP/IP Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424"], "modified": "2021-08-17T07:00:00", "id": "MS:CVE-2021-26424", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Update Medic Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36948", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:57", "description": "Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34480", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:55", "description": "Windows LSA Spoofing Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows LSA Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36942", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-23T16:35:55", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36947, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36936", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36947", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36947", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:38:12", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Services for NFS ONCRPC XDR Driver Remote Code Execution (CVE-2021-26432)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0493", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:09", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-34535)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0491", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:06", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Update Medic Service Privilege Escalation (CVE-2021-36948)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-12T00:00:00", "id": "CPAI-2021-0508", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:09", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Scripting Engine Memory Corruption (CVE-2021-34480)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0490", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-20T03:33:07", "description": "An NTLM relay vulnerability exists in Microsoft Active Directory Certificate Services. A remote attack can coerce Windows hosts to authenticate to other machines via the MS-EFSRPC protocol and obtain its NTLM credential. Successful exploitation could lead to complete takeover of the target domain.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-27T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Active Directory Certificate Services NTLM Relay (CVE-2021-36942; CVE-2022-26925)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-26925"], "modified": "2022-05-10T00:00:00", "id": "CPAI-2021-0487", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-08-27T05:12:02", "description": "Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation (USA).A remote code execution vulnerability exists in Microsoft Windows Print Spooler, which can be exploited by attackers to run malicious code on the system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CNVD-2022-10025)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936"], "modified": "2022-02-14T00:00:00", "id": "CNVD-2022-10025", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-10025", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-05-23T17:21:14", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-36948", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-21T00:00:00", "id": "AKB:D92D1688-7724-40C4-AD86-DF44F4611D40", "href": "https://attackerkb.com/topics/aTP6m1u6PE/cve-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:20:04", "description": "Windows LSA Spoofing Vulnerability\n\n \n**Recent assessments:** \n \n**jbaines-r7** at January 25, 2022 4:35pm UTC reported:\n\nRecently, I was attempting to combine James Forshaw\u2019s [remote EFSRPC file write \u201cbug\u201d](<https://twitter.com/tiraniddo/status/1481633916507209737>) with a local privilege escalation that I\u2019d discovered. I was getting strange results. Working on one system, but not another at the same patch level. I\u2019d seriously polluted that environment with Windows Endpoint Manager, so I decided to spin up a fresh AD environment in hopes of establishing a trustworthy baseline.\n\nOnce I\u2019d stood up the new AD environment, and patched everything completely (through January 2022), I retested my proof of concept and was\u2026 unhappy and more than a bit confused with the result. Seeking additional feedback, I grabbed PetitPotam off the shelf since it\u2019s a simpler attack. But that didn\u2019t work either! That\u2019s when I found the following in the event log.\n\n\n\nWhich lead me to [KB5009763: EFS security hardening changes in CVE-2021-43217](<https://support.microsoft.com/en-au/topic/kb5009763-efs-security-hardening-changes-in-cve-2021-43217-719fbc9d-ad9b-4f90-a964-0afe40338002>). [CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>) is a buffer overflow affecting EFS, but it isn\u2019t related to what I was attempting to do. Regardless, the way Microsoft decided to address this CVE was to require EFSRPC clients to use packet-level privacy, and, at the time of testing, the PetitPotam proof of concept didn\u2019t.\n\nWe can further prove that out by creating the registry key mentioned by the KB to disable this behavior: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EFS\\AllowAllCliAuth. Setting this key to \u20181\u2019 allows PetitPotam to successfully leak the NTLM hash, but it also leaves this log message:\n\n\n\nGreat! PetitPotam still works, but this registry key is unlikely to be enabled in the wild. It doesn\u2019t even exist by default!\n\nThe obvious solution is just to enable privacy level authentication in PetitPotam. That happens to be quite trivial. Just use the [`RpcBindingSetAuthInfo`](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcbindingsetauthinfow>) function after the binding handle has been created. The following is a patch I added to my local PetitPotam to test enabling privacy level authentication.\n \n \n albinolobster@ubuntu:~/PetitPotam$ cat diff \n diff --git a/PetitPotam/PetitPotam.cpp b/PetitPotam/PetitPotam.cpp\n index 1885eb2..debbd1e 100644\n --- a/PetitPotam/PetitPotam.cpp\n +++ b/PetitPotam/PetitPotam.cpp\n @@ -1,6 +1,7 @@\n // PetitPotam.cpp : Ce fichier contient la fonction 'main'. L'ex\u00e9cution du programme commence et se termine \u00e0 cet endroit.\n // Author: GILLES Lionel aka topotam (@topotam77)\n \n +#include <string>\n #include <stdio.h>\n #include <tchar.h>\n #include <assert.h>\n @@ -60,6 +61,18 @@ handle_t Bind(wchar_t* target)\n \t\twprintf(L\"Error in RpcBindingFromStringBindingW\\n\");\n \t\treturn(0);\n \t}\n +\n +\tstd::wstring spn(L\"HOST/\");\n +\tspn.append(target);\n +\n +\tRpcStatus = RpcBindingSetAuthInfoW(BindingHandle, reinterpret_cast<RPC_WSTR>(&spn[0]), RPC_C_AUTHN_LEVEL_PKT_PRIVACY,\n +\t\tRPC_C_AUTHN_GSS_NEGOTIATE, nullptr, RPC_C_AUTHZ_NONE);\n +\tif (RpcStatus != 0)\n +\t{\n +\t\twprintf(L\"Error in RpcBindingFromStringBindingW\\n\");\n +\t\treturn(0);\n +\t}\n +\n \t\n \tRpcStringFreeW(&StringBinding);\n \n\nNote the use of `RPC_C_AUTHN_LEVEL_PKT_PRIVACY` for the `AuthnLevel`. This small change is all that is needed to make PetitPotam work again.\n\nBecause I experienced a weird update in one of my AD environments, I figured a video demonstrating all of the above would be useful. You can find the video on [here](<https://share.vidyard.com/watch/s12ar9ni6fGLBwdnSW1ywn?>).\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-36942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2021-43217"], "modified": "2021-08-21T00:00:00", "id": "AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6", "href": "https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-05-25T15:17:44", "description": "Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Update Medic Service Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-36948", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T15:17:44", "description": "Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-36942", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "rapid7blog": [{"lastseen": "2021-08-11T19:20:09", "description": "\n\n \n_The PetitPotam attack vector was assigned CVE-2021-36942 and patched on August 10, 2021. _S_ee the `Updates` section at the end of this post for more information._\n\nLate last month (July 2021), security researcher [Topotam](<https://github.com/topotam>) published a [proof-of-concept (PoC) implementation](<https://github.com/topotam/PetitPotam>) of a novel NTLM relay attack christened \u201cPetitPotam.\u201d The technique used in the PoC allows a remote, **unauthenticated** attacker to completely take over a Windows domain with the Active Directory Certificate Service (AD CS) running \u2014 including domain controllers. Rapid7 researchers have tested public proof-of-concept code against a Windows domain controller setup and confirmed exploitability. One of our [senior researchers](<https://twitter.com/wvuuuuuuuuuuuuu>) summed it up with: \"This attack is too easy.\" \n\nPetitPotam works by abusing Microsoft\u2019s Encrypting File System Remote Protocol (MS-EFSRPC) to trick one Windows host into authenticating to another over LSARPC on TCP port 445. Successful exploitation means that the target server will perform NTLM authentication to an arbitrary server, allowing an attacker who is able to leverage the technique to do... pretty much anything they want with a Windows domain (e.g., deploy ransomware, create nefarious new group policies, and so on). The folks over at SANS ISC have a great write-up [here](<https://isc.sans.edu/diary/Active+Directory+Certificate+Services+%28ADCS+-+PKI%29+domain+admin+vulnerability/27668>).\n\nAccording to Microsoft\u2019s [ADV210003 advisory](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>), Windows users are potentially vulnerable to this attack if they are using Active Directory Certificate Services (AD CS) with any of the following services:\n\n * Certificate Authority Web Enrollment\n * Certificate Enrollment Web Service\n\nNTLM relay attacks aren\u2019t new\u2014they\u2019ve [been around for decades](<https://owasp.org/www-pdf-archive/NTLM_Relay_Attacks.pdf>). However, a few things make PetitPotam and its [variants](<https://github.com/bats3c/ADCSPwn>) of higher interest than your more run-of-the-mill NTLM relay attack. As noted above, remote attackers don\u2019t need credentials to make this thing work, but more importantly, there\u2019s no user interaction required to coerce a target domain controller to authenticate to a threat actor\u2019s server. Not only is this easier to do \u2014 it\u2019s faster (though admittedly, well-known tools like Mimikatz are also extremely effective for gathering domain administrator-level service accounts). PetitPotam is the latest attack vector to underscore the fundamental fragility of the Active Directory privilege model. \n\nMicrosoft released [an advisory](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>) with a series of updates in response to community concern about the attack \u2014 which, as they point out, is \u201ca classic NTLM relay attack\u201d that abuses intended functionality. Users concerned about the PetitPotam attack should review Microsoft\u2019s guidance on mitigating NTLM relay attacks against Active Directory Certificate Services in [KB500413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>). Since it looks like Microsoft [will not issue an official fix](<https://twitter.com/msftsecresponse/status/1419025196044865539>) for this vector, community researchers have added PetitPotam to [a running list](<https://github.com/cfalta/MicrosoftWontFixList/blob/main/README.md>) of \u201cwon\u2019t fix\u201d exploitable conditions in Microsoft products.\n\nThe PetitPotam PoC is already popular with red teams and community researchers. We expect that interest to increase as Black Hat brings further scrutiny to [Active Directory Certificate Services attack surface area](<https://posts.specterops.io/certified-pre-owned-d95910965cd2>). \n\n## Mitigation Guidance\n\nA patch that mitigates this attack chain is available as of August 10, 2021. Windows administrators should apply the August 10, 2021 patch for CVE-2021-36942 as soon as possible, prioritizing domain controllers, and then follow the guidance below as specified in [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>).\n\nIn general, to prevent NTLM relay attacks on networks with NTLM enabled, domain administrators should ensure that services that permit NTLM authentication make use of protections such as [Extended Protection for Authentication](<https://docs.microsoft.com/en-us/security-updates/securityadvisories/2009/973811>) (EPA) coupled with \u201c[Require SSL](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>)\u201d for affected virtual sites, or signing features such as SMB signing. Implementing \u201cRequire SSL\u201d is a critical step: Without it, EPA is ineffective.\n\nAs an NTLM relay attack, PetitPotam takes advantage of servers on which Active Directory Certificate Services (AD CS) is not configured with the protections mentioned above. Microsoft\u2019s [KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)](<https://support.microsoft.com/help/5005413>) emphasizes that the primary mitigation for PetitPotam consists of three configuration changes (and an IIS restart). In addition to primary mitigations, Microsoft also recommends disabling NTLM authentication where possible, starting with domain controllers. \n\nIn this order, [KB5005413](<https://support.microsoft.com/help/5005413>) recommends:\n\n * Disabling NTLM Authentication on Windows domain controllers. Documentation on doing this can be found [here](<https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain>).\n * Disabling NTLM on any AD CS Servers in your domain using the group policy [Network security: Restrict NTLM: Incoming NTLM traffic](<https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic>). For step-by-step directions, see [KB5005413](<https://support.microsoft.com/help/5005413>).\n * Disabling NTLM for Internet Information Services (IIS) on AD CS Servers in your domain running the \"Certificate Authority Web Enrollment\" or \"Certificate Enrollment Web Service\" services.\n\nWhile not included in Microsoft\u2019s official guidance, community researchers [have tested](<https://twitter.com/gentilkiwi/status/1421949715986403329>) using NETSH RPC filtering to block PetitPotam attacks [with apparent success](<https://twitter.com/CraigKirby/status/1422569782088388611>). Rapid7 research teams have not verified this behavior, but it may be [an option](<https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-attacks-can-be-blocked-using-new-method/>) for blocking the attack vector without negatively impacting local EFS functionality.\n\n## Rapid7 Customers\n\nInsightVM and Nexpose customers can assess their exposure to PetitPotam via the local vulnerability checks `msft-adv210003`, which looks for the registry settings described in [ADV210003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>), and `msft-cve-2021-36942`, which checks for the patches released by Microsoft on August 10.\n\n## Updates\n\n**August 10, 2021:** Microsoft has released a patch that addresses the PetitPotam NTLM relay attack vector in today's Patch Tuesday. Tracked as [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>), the August 2021 Patch Tuesday security update blocks the affected API calls [OpenEncryptedFileRawA](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>) and [OpenEncryptedFileRawW](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfileraww>) through the LSARPC interface. Windows administrators should prioritize patching domain controllers and will still need to take additional steps listed in [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) to ensure their systems are fully mitigated. \n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {}, "published": "2021-08-03T20:13:50", "type": "rapid7blog", "title": "PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-36942"], "modified": "2021-08-03T20:13:50", "id": "RAPID7BLOG:D9E3C0B84D67BD0A26DEAD5F6F4EAAC4", "href": "https://blog.rapid7.com/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-11T21:27:50", "description": "## Welcome, Little Hippo: PetitPotam\n\n\n\nOur very own [@zeroSteiner](<https://github.com/zeroSteiner>) [ported](<https://github.com/rapid7/metasploit-framework/pull/16136>) the [PetitPotam](<https://github.com/topotam/PetitPotam>) exploit to Metasploit this week. This module leverages [CVE-2021-36942](<https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog>), a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the `EfsRpcOpenFileRaw` function of the Microsoft\u2019s Encrypting File System Remote Protocol API ([MS-EFSRPC](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/08796ba8-01c8-4872-9221-1000ec2eff31>)) to coerce machine authentication to a user-controlled listener host. Metasploit's [SMB capture server](<https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/capture/smb.rb>) module can be used for this. The captured hashes are typically used as part of a NTLM relaying attack to take over other Windows hosts. Note that Microsoft has published some [guidance](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) about how to mitigate NTLM relay attacks.\n\n## QEMU Human Monitor Interface RCE\n\nContributor [@bcoles](<https://github.com/bcoles>) added an exploit [module](<https://github.com/rapid7/metasploit-framework/pull/16151>) that abuse QEMU's Monitor Human Monitor Interface (HMP) TCP server to execute arbitrary commands by using the `migrate` HMP command. Furthermore, since the HMP TCP service is reachable from emulated devices, it is possible to escape QEMU from a guest system using this module. Note that it doesn't work on Windows hosts since the `migrate` command cannot spawn processes on this platform.\n\n## New module content (2)\n\n * [PetitPotam](<https://github.com/rapid7/metasploit-framework/pull/16136>) by [GILLES Lionel](<https://github.com/topotam>) and [Spencer McIntyre](<https://github.com/zeroSteiner>), which exploits [CVE-2021-36942](<https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942?referrer=blog>) \\- This adds a new auxiliary scanner module that ports the PetitPotam tool to Metasploit andleverages CVE-2021-36942 to coerce Windows hosts to authenticate to a user-specific host, which enables an attacker to capture NTLM credentials for further actions, such as relay attacks.\n * [QEMU Monitor HMP 'migrate' Command Execution](<https://github.com/rapid7/metasploit-framework/pull/16151>) by [bcoles](<https://github.com/bcoles>) \\- This adds a module that can exploit the QEMU HMP service to execute OS commands. The HMP TCP service is reachable from emulated devices, so it is possible to escape QEMU by exploiting this vulnerability.\n\n## Enhancements and features\n\n * [#16010](<https://github.com/rapid7/metasploit-framework/pull/16010>) from [lap1nou](<https://github.com/lap1nou>) \\- This updates the zabbix_script_exec module with support for Zabbix version 5.0 and later. It also adds a new item-based execution technique and support for delivering Linux native payloads.\n * [#16163](<https://github.com/rapid7/metasploit-framework/pull/16163>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- Support has been added for the ClaimsPrincipal .NET deserialization gadget chain, which was found by [jang](<https://github.com/testanull>). An exploit which utilizes this enhancement will arrive shortly.\n * [#16125](<https://github.com/rapid7/metasploit-framework/pull/16125>) from [bcoles](<https://github.com/bcoles>) \\- This module can exploit GXV3140 models now that an `ARCH_CMD` target has been added.\n\n## Bugs fixed\n\n * [#16121](<https://github.com/rapid7/metasploit-framework/pull/16121>) from [timwr](<https://github.com/timwr>) \\- This fixes an exception caused by exploits that call `rhost()` in `Msf::Post::Common` without a valid session.\n * [#16142](<https://github.com/rapid7/metasploit-framework/pull/16142>) from [timwr](<https://github.com/timwr>) \\- This fixes an issue with Meterpreter's `getenv` command that was not returning `NULL` when querying for a non-existing environment variable.\n * [#16143](<https://github.com/rapid7/metasploit-framework/pull/16143>) from [sjanusz-r7](<https://github.com/sjanusz-r7>) \\- This fixes an issue where a Cygwin SSH session was not correctly identified being a Windows device, due to a case sensitivity issue\n * [#16147](<https://github.com/rapid7/metasploit-framework/pull/16147>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- This fixes a bug where `ssh_enumusers` would only use one source in the generation of its user word list if both `USERNAME` and `USER_FILE` options were set. The module now pulls from all possible datastore options if they are set, including a new option `DB_ALL_USERS`.\n * [#16160](<https://github.com/rapid7/metasploit-framework/pull/16160>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- This fixes a crash when `msfconsole` is unable to correctly determine the hostname and current user within a shell prompt.\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` \nand you can get more details on the changes since the last blog post from \nGitHub:\n\n * [Pull Requests 6.1.28...6.1.29](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222022-02-03T12%3A28%3A59%2B00%3A00..2022-02-09T14%3A46%3A38-06%3A00%22>)\n * [Full diff 6.1.28...6.1.29](<https://github.com/rapid7/metasploit-framework/compare/6.1.28...6.1.29>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. \nTo install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the \n[binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2022-02-11T21:07:08", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2022-02-11T21:07:08", "id": "RAPID7BLOG:D214650E6EFB584624DA76ACB1573C1B", "href": "https://blog.rapid7.com/2022/02/11/metasploit-wrap-up-148/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-10T20:15:00", "description": "## Wowza, a new credential gatherer and login scanner!\n\n\n\nThis week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named `admin.password` in a known location and the file is readable by default by `BUILTIN\\Users` on Windows and is world readable on Linux.. The module was written by community contributor [bcoles](<https://github.com/bcoles>) who also wrote a login scanner for Wowza this week. The login scanner can be used to validate the credentials found by the gatherer. The two modules complement each other quite nicely.\n\n## New module content (3)\n\n### Wowza Streaming Engine Manager Login Utility\n\nAuthor: bcoles \nType: Auxiliary \nPull request: [#17733](<https://github.com/rapid7/metasploit-framework/pull/17733>) contributed by [bcoles](<https://github.com/bcoles>)\n\nDescription: This adds a login scanner module to brute force credentials of Wowza Streaming Engine Manager.\n\n### SugarCRM unauthenticated Remote Code Execution (RCE)\n\nAuthors: Sw33t.0day and h00die-gr3y \nType: Exploit \nPull request: [#17507](<https://github.com/rapid7/metasploit-framework/pull/17507>) contributed by [h00die-gr3y](<https://github.com/h00die-gr3y>) \nAttackerKB reference: [CVE-2023-22952](<https://attackerkb.com/topics/E486ui94II/cve-2023-22952?referrer=blog>)\n\nDescription: A module has been added which exploits CVE-2023-22952, a RCE vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. Successful exploitation as an unauthenticated attacker will result in remote code execution as the user running the web services, which is typically `www-data`.\n\n### Gather Wowza Streaming Engine Credentials\n\nAuthor: bcoles \nType: Post \nPull request: [#17737](<https://github.com/rapid7/metasploit-framework/pull/17737>) contributed by [bcoles](<https://github.com/bcoles>)\n\nDescription: This adds a post module that collects Wowza Streaming Engine user credentials from the `admin.password` local configuration file. This file is world-readable by default on Linux and readable by `BUILTIN\\Users` on Windows.\n\n## Enhancements and features (9)\n\n * [#17675](<https://github.com/rapid7/metasploit-framework/pull/17675>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Updates the `admin/kerberos/forge_ticket` to support a new `extra_sids` option which can be useful for including cross-domain SIDs for forging external Kerberos trust tickets as part of cross-trust domain escalation. The `admin/kerberos/inspect_ticket` has also been updated to support viewing these extra SID values.\n * [#17686](<https://github.com/rapid7/metasploit-framework/pull/17686>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- This adds 3 additional methods to the existing PetitPotam module to make it work even if the patch for CVE-2021-36942 has been installed. Note that it won't work after the December 2021 patch.\n * [#17715](<https://github.com/rapid7/metasploit-framework/pull/17715>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- The Metasploit Payload gem has been bumped to 2.0.115, bringing in support for the `arp` command to Python Meterpreter on Linux, and adding support for displaying IPv6 routing tables using the `route` command on Windows.\n * [#17727](<https://github.com/rapid7/metasploit-framework/pull/17727>) from [rohitkumarankam](<https://github.com/rohitkumarankam>) \\- Two new options have been added to the login scanner library: `max_consecutive_error_count` and `max_error_count`. These options allow users to set the maximum number of errors that are allowed to occur when connecting as well as the maximum number of consecutive errors that are allowed when connecting before the login scanner will give up on a target.\n * [#17744](<https://github.com/rapid7/metasploit-framework/pull/17744>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- The code for `msfconsole` has been updated so that performance profiling can also take into account the time it takes to load `msfenv` and console related libraries, thereby allowing for more accurate performance profiling.\n * [#17745](<https://github.com/rapid7/metasploit-framework/pull/17745>) from [gwillcox-r7](<https://github.com/gwillcox-r7>) \\- This updates the metasploit-payloads gem to pull in changes to the Python Meterpreter on Windows to add the `route add` and `route delete` commands as well as the ability to get process information such as process names and paths.\n * [#17746](<https://github.com/rapid7/metasploit-framework/pull/17746>) from [todb-r7](<https://github.com/todb-r7>) \\- The `data/wordlists/password.lst` password list has been updated to include the master password that LastPass suggests as an example when a user goes to create a new master password, `r50$K28vaIFiYxaY`, into the password list, as well as to fix some encoding issues.\n * [#17749](<https://github.com/rapid7/metasploit-framework/pull/17749>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Updates the `auxiliary/admin/kerberos/keytab.rb` module to additionally export any NTHASHES, which can be useful for decrypting Kerberos network traffic in Wireshark.\n * [#17756](<https://github.com/rapid7/metasploit-framework/pull/17756>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Updates secrets dump to generate the Kerberos RC4 key for the machine account.\n\n## Bugs fixed (8)\n\n * [#17673](<https://github.com/rapid7/metasploit-framework/pull/17673>) from [bcoles](<https://github.com/bcoles>) \\- `lib/msf/core/payload/apk.rb` has been updated so that by default it only decompiles the main classes instead of all classes, fixing some issues whereby decompiling all classes would prevent creation of a backdoored APK. This also bumps up the minimum `apktool` version to 2.4.1 and makes it so that versions prior to 2.7.0 of `apktool` will throw a warning about being potentially out of date.\n * [#17716](<https://github.com/rapid7/metasploit-framework/pull/17716>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- A bug has been fixed whereby the reverse port forward information message was displayed incorrectly, and the same information was shown on both the local and remote parts of the message.\n * [#17721](<https://github.com/rapid7/metasploit-framework/pull/17721>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- This fixes an issue where payloads that were adapted failed when stage encoding was enabled because the stage encoding was based on the stager arch and platform values. These values were always the same until we introduced adapted payloads, which can vary.\n * [#17723](<https://github.com/rapid7/metasploit-framework/pull/17723>) from [jvoisin](<https://github.com/jvoisin>) \\- A bug has been fixed in the `modules/encoders/php/base64.rb` encoder whereby strings were being passed as literal strings without being properly quoted, which could result in errors on newer versions of PHP.\n * [#17726](<https://github.com/rapid7/metasploit-framework/pull/17726>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- The Metasploit Payloads gem has been updated bringing in initial support for attaching to processes on Python Meterpreter shells on Windows, a bug fix for the `route` command on newer versions of Windows on Windows Meterpreter, and a fix so that both C Meterpreter and Python Meterpreter sessions will attempt to enable the same set of permissions when running `getprivs`.\n * [#17729](<https://github.com/rapid7/metasploit-framework/pull/17729>) from [bcoles](<https://github.com/bcoles>) \\- Fixes an edge case crash when running Ruby 3.2\n * [#17738](<https://github.com/rapid7/metasploit-framework/pull/17738>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Fix Ruby 3.2 crash when running certain tools\n * [#17758](<https://github.com/rapid7/metasploit-framework/pull/17758>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- The metasploit-payloads gem has been bumped to fix a token handle leak that was causing Python Meterpreters to leave dangling handles after using `getprivs`, fix a error in `packet_transmit_http` whereby error codes were not appropriately returned, and update the `arp` command to properly return the interface name instead of the index for the `interface` column.\n\n## Documentation added (3)\n\n * [#17684](<https://github.com/rapid7/metasploit-framework/pull/17684>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- This PR adds the RBCD exploitation documentation to the docs site.\n * [#17688](<https://github.com/rapid7/metasploit-framework/pull/17688>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- This PR fixes several broken wiki links, as well as adding validation to users users don't use the wrong syntax when making docs changes.\n * [#17743](<https://github.com/rapid7/metasploit-framework/pull/17743>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- A new page has been added to explain the `METASPLOIT_CPU_PROFILE` and `METASPLOIT_MEMORY_PROFILE` options and to explain how to profile `msfconsole`'s and `msfvenom`'s performance on systems.\n\nYou can always find more documentation on our docsite at [docs.metasploit.com](<https://docs.metasploit.com/>).\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` \nand you can get more details on the changes since the last blog post from \nGitHub:\n\n * [Pull Requests 6.3.5...6.3.6](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222023-03-02T14%3A22%3A58%2B00%3A00..2023-03-09T19%3A29%3A16%2B01%3A00%22>)\n * [Full diff 6.3.5...6.3.6](<https://github.com/rapid7/metasploit-framework/compare/6.3.5...6.3.6>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. \nTo install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the \n[binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-10T19:00:00", "type": "rapid7blog", "title": "Metasploit Weekly Wrap-Up", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2023-22952"], "modified": "2023-03-10T19:00:00", "id": "RAPID7BLOG:A7E1C05842DF5C07D9B1BA23B2235727", "href": "https://blog.rapid7.com/2023/03/10/metasploit-weekly-wrap-up-196/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-21T10:49:33", "description": "\n\nHot off the press, it\u2019s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includes updates for three vulnerabilities that were publicly disclosed earlier this month. Let\u2019s jump in.\n\n## Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934> \nWith a public proof-of-concept having been available for some time, administrators should prioritize taking action on CVE-2021-36934. Remediation for this vulnerability requires volume shadow copies for system files to be deleted. This is due to the nature of the vulnerability, as the files with the vulnerable permissions could be restored from a backup and accessed even after the patch is installed. Microsoft indicates they took caution not to delete users' backups, but the trade-off is that customers will need to do the chore themselves. We've updated [our blog post](<https://www.rapid7.com/blog/post/2021/07/21/microsoft-sam-file-readability-cve-2021-36934-what-you-need-to-know/>) with this additional information.\n\n## Windows LSA Spoofing Vulnerability aka ADV210003\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942> \nAnother high priority action for patching teams is CVE-2021-36942. This update patches one of the vectors used in the PetitPotam attack. After applying this update there are additional configurations required in order to protect systems from other attack vectors using registry keys. The InsightVM team has included detection for the registry keys needed to enable EPA and SMB Signing in addition to the normal update. Please see [our blog post](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>) for more information.\n\n## Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432> \nWhile Microsoft has not offered up any details for this vulnerability we can glean some info from the CVSS information. This remote code execution vulnerability is reachable from the network service with no authentication or user action required. There may not be an exploit available for this yet, but Microsoft indicates that \u201cExploitation [is] more likely\u201d. Put this update near the top of your TODO list.\n\n## Windows TCP/IP Remote Code Execution Vulnerability\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424> \nLast on our list is a vulnerability that can result in remote execution on a Hyper-V host via the IPv6 networking stack. If Hyper-V is used in your environment this should be first on your list this month. \n\n## Summary Graphs\n\n\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949>) | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | No | No | 7.1 | Yes \n[CVE-2021-26428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26428>) | Azure Sphere Information Disclosure Vulnerability | No | No | 4.4 | Yes \n[CVE-2021-26429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26429>) | Azure Sphere Elevation of Privilege Vulnerability | No | No | 7.7 | Yes \n[CVE-2021-26430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26430>) | Azure Sphere Denial of Service Vulnerability | No | No | 6 | Yes \n[CVE-2021-33762](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33762>) | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36943>) | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 4 | No \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-30597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30597>) | Chromium: CVE-2021-30597 Use after free in Browser UI | No | No | | Yes \n[CVE-2021-30596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30596>) | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | No | No | | Yes \n[CVE-2021-30594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30594>) | Chromium: CVE-2021-30594 Use after free in Page Info UI | No | No | | Yes \n[CVE-2021-30593](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30593>) | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | No | No | | Yes \n[CVE-2021-30592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30592>) | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | No | No | | Yes \n[CVE-2021-30591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30591>) | Chromium: CVE-2021-30591 Use after free in File System API | No | No | | Yes \n[CVE-2021-30590](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30590>) | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | No | No | | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34532](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532>) | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34485](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485>) | .NET Core and Visual Studio Information Disclosure Vulnerability | No | No | 5 | Yes \n[CVE-2021-26423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 5.4 | No \n[CVE-2021-34524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34524>) | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | No | No | 8.1 | No \n[CVE-2021-36950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36950>) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 5.4 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36941>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-36940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36940>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-34478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34478>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34471>) | Microsoft Windows Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26426>) | Windows User Account Profile Picture Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948>) | Windows Update Medic Service Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-26432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26432>) | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | No | No | 9.8 | No \n[CVE-2021-26433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26433>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36926](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36926>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36932](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36932>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36933](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36933>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26431>) | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34534](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34534>) | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-34530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34530>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34487](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34487>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36938>) | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | No | No | 5.5 | No \n[CVE-2021-36945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36945>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-34536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34536>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26424>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-36936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36936>) | Windows Print Spooler Remote Code Execution Vulnerability | No | Yes | 8.8 | No \n[CVE-2021-36947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36947>) | Windows Print Spooler Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-34483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34483>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36937](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36937>) | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-36942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942>) | Windows LSA Spoofing Vulnerability | No | Yes | 7.5 | Yes \n[CVE-2021-34533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34533>) | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-26425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26425>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36927>) | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34537>) | Windows Bluetooth Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34480>) | Scripting Engine Memory Corruption Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-34535](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34535>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes", "cvss3": {}, "published": "2021-08-11T03:19:33", "type": "rapid7blog", "title": "Patch Tuesday - August 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-26423", "CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26428", "CVE-2021-26429", "CVE-2021-26430", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-33762", "CVE-2021-34471", "CVE-2021-34478", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34485", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34524", "CVE-2021-34530", "CVE-2021-34532", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36934", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36940", "CVE-2021-36941", "CVE-2021-36942", "CVE-2021-36943", "CVE-2021-36945", "CVE-2021-36946", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36949", "CVE-2021-36950"], "modified": "2021-08-11T03:19:33", "id": "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD", "href": "https://blog.rapid7.com/2021/08/11/patch-tuesday-august-2021/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-04T21:03:07", "description": "### What is this thing?\n\n\n\nResearchers at the University of Cambridge and the University of Edinburgh recently published [a paper](<https://www.trojansource.codes/trojan-source.pdf>) on an attack technique they call \u201cTrojan Source.\u201d The attack targets a weakness in text-encoding standard Unicode\u2014which allows computers to handle text across many different languages\u2014to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or security analyst sees in source code with their own eyes could be different from how a compiler interprets it\u2014leading, in effect, to an attack that is not easily discernible. This weakness arises from Unicode\u2019s bidirectional [\u201cBiDi\u201d algorithm](<https://www.w3.org/International/articles/inline-bidi-markup/uba-basics>) and affects most compilers, or perhaps more accurately, most editing and code review tooling; the idea that source code will be compiled the way it is displayed to the human eye is a fundamental assumption.\n\n### How the attack works.\n\nIt is possible, and often necessary, to have both left-to-right and right-to-left glyphs appear in the same sentence. A classic example from O\u2019Reilly\u2019s \u201c[Unicode Explained](<https://www.oreilly.com/library/view/unicode-explained/059610121X/>)\u201d book shows Arabic embedded in an English sentence and the direction readers familiar with both languages will read the section in: \n\n\n\n\n \nThe official Unicode site also has [additional information and examples](<https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing>).\n\nThere are a few options available to creators when the need for a document or section of a document to support bidirectional content, one of which is to insert \u201cinvisible\u201d control characters that dictate the directionality of text following the directive. This is how the \u201cTrojan Source\u201d attack works. Let\u2019s use one of the examples from the paper to illustrate what\u2019s going on.\n\n\n\nThe screenshot above is from the GitHub repository associated with the paper and shows the C language source code that looks like it should not print anything when compiled and run. (Also note that there is a very explicit safety banner, which you should absolutely take very seriously in any source code you see it displayed in).\n\nWhen we copy that code from the browser and paste it into the popular [Sublime Text](<https://www.sublimetext.com/>) editor with the [Gremlins](<https://packagecontrol.io/packages/Gremlins>) package installed and enabled, we can see the attempted shenanigans pretty clearly:\n\n\n\nThe line number sidebar shows where sneaky directives have been inserted, and the usually invisible content is explicitly highlighted and _not_ interpreted, so you can see what\u2019s actually getting compiled. In this case, one is always \u201cadmin\u201d when they run this program.** The bottom line is that you cannot fully trust just your eyes without some assistance**.\n\nNote that `cat` Linux command (available on Windows via the Windows Subsystem for Linux and via macOS by installing the GNU version of the utility) can also be used to display these invisible gremlins:\n \n \n cat -A -v commentint-out.c #include <stdio.h>$\n #include <stdbool.h>$\n $\n int main() {$\n bool isAdmin = false;$\n /*M-bM-^@M-. } M-bM-^AM-&if (isAdmin)M-bM-^AM-) M-bM-^AM-& begin admins only */$\n printf(\"You are an admin.\\n\");$\n /* end admins only M-bM-^@M-. { M-bM-^AM-&*/$\n return 0;$\n }$\n $\n \n\nUnfortunately, GitHub\u2019s safety banner and code-editor plugins do not scale very well. Thankfully, Red Hat has come to the rescue with a [simple Python script](<https://access.redhat.com/security/vulnerabilities/RHSB-2021-007#diagnostic-tools:>) which can help us identify potential issues across an entire codebase with relative ease. It should also be possible to use this script in pre-commit hooks or in CI/CD workflows to prevent malicious code from entering into production.\n\n### CVSSv3 9.8?! Orly?!\n\nWhile this isn\u2019t really a \u201cvulnerability\u201d in the traditional sense of the word, it\u2019s been assigned [CVE-2021-42574](<https://nvd.nist.gov/vuln/detail/CVE-2021-42574>) and given a \u201cCritical\u201d CVSSv3 score of 9.8. (The [\u201cPetitPotam\u201d attack chain](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>) targeting Windows domains is another example of a technique that was [recently assigned a CVE](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>).) It\u2019s a little puzzling why CVE-2021-42574 merited a \u201cCritical\u201d severity score, though. According to [our calculations](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N&version=3.1>), this weakness should be more like a 5.6 on the CVSSv3 scale. \n\n### Should I be super scared?\n\nIt\u2019s an interesting attack, and its universality is certainly attention-grabbing. With that said, there are some caveats to both novelty and exploitability. Attack techniques that leverage Unicode\u2019s text expression [aren\u2019t new](<https://www.detectx.com.au/rtlo-right-to-left-override-technique-for-file-extension-spoofing/>). The CVSS score assigned to this is overblown. To exploit this weakness, an attacker would need to have direct access to developers\u2019 workstations, source code management system, or CI pipelines. If an attacker has direct access to your source code management system, frankly, you probably have bigger problems than this attack. Note that said \u201cattacker\u201d could be a legitimate, malicious insider; those types of attackers are notoriously difficult to fully defend against.\n\n### What should I do?\n\nYou should apply patches from vendors whose products you rely on just as you normally would, keeping in mind that because this flaw is present in so many tooling implementations, you could apply many patches and still be considered \u201cvulnerable\u201d in other implementations. The better thing to do would be to apply a fairly straightforward mitigation: Disallow BiDi directives in your code base if you're writing in only English or only Arabic.\n\nAs noted above, you should absolutely heed the Unicode safety warnings (if available) in any source code repositories you use, and strongly consider using something like the aforementioned Red Hat Unicode directionality directive checker-script in source code control and continuous integration and deployment workflows.\n\nWe advise prioritizing truly critical patches and limiting service and system exposure before worrying about source code-level attacks that require local or physical access.\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {}, "published": "2021-11-04T19:47:45", "type": "rapid7blog", "title": "Trojan Source CVE-2021-42572: No Panic Necessary", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-36942", "CVE-2021-42572", "CVE-2021-42574"], "modified": "2021-11-04T19:47:45", "id": "RAPID7BLOG:9171BB636F16B6AC97B939C701ABE971", "href": "https://blog.rapid7.com/2021/11/04/trojan-source-cve-2021-42572/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-25T18:57:37", "description": "\n\n_This attack is ongoing. See the `Updates` section at the end of this post for new information as it comes to light. Rapid7 also has a [technical analysis of the ProxyShell exploit chain](<https://attackerkb.com/topics/xbr3tcCFT3/proxyshell-exploit-chain/rapid7-analysis>) in AttackerKB._\n\nOn August 5, 2021, in [a Black Hat USA talk](<https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf>), DEVCORE researcher Orange Tsai shared information on [several exploit chains](<https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html>) targeting on-premises installations of Microsoft Exchange Server. Among the exploit chains presented were ProxyLogon, which was [exploited en masse in February and March](<https://www.rapid7.com/blog/post/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>) of 2021, and ProxyShell, an attack chain originally demonstrated at the Pwn2Own hacking competition this past April. As of August 12, 2021, multiple researchers have detected widespread opportunistic [scanning](<https://twitter.com/bad_packets/status/1425598895569006594>) and [exploitation](<https://twitter.com/GossiTheDog/status/1425844380376735746>) of Exchange servers using the ProxyShell chain.\n\nAccording to Orange Tsai's demonstration, the ProxyShell exploit chain allows a remote unauthenticated attacker to execute arbitrary commands on a vulnerable on-premises instance of Microsoft Exchange Server via port 443. The exploit is comprised of three discrete CVEs:\n\n * [CVE-2021-34473](<https://www.rapid7.com/db/vulnerabilities/msft-cve-2021-34473/>), a remote code execution vulnerability [patched April 13, 2021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473>)\n * [CVE-2021-34523](<https://www.rapid7.com/db/vulnerabilities/msft-cve-2021-34523/>), an elevation of privilege vulnerability [patched April 13, 2021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523>)\n * [CVE-2021-31207](<https://www.rapid7.com/db/vulnerabilities/msft-cve-2021-31207/>), a security feature bypass [patched May 11, 2021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207>)\n\n_While CVE-2021-34473 and CVE-2021-34523 were patched in April, Microsoft\u2019s advisories note that they were inadvertently omitted from publication until July._\n\nWhen chained, these vulnerabilities allow the attacker to bypass ACL controls, send a request to a PowerShell back-end, and elevate privileges, effectively authenticating the attacker and allowing for remote code execution. Both public and private proof-of-concept exploits have been released as of August 18, 2021\u2014not surprising, since ProxyShell was first demonstrated more than four months ago at Pwn2Own. A number of [technical analyses](<https://y4y.space/2021/08/12/my-steps-of-reproducing-proxyshell/>) of the chain have also [been published](<https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1>). See Rapid7's exploit chain analysis [in AttackerKB](<https://attackerkb.com/topics/xbr3tcCFT3/proxyshell-exploit-chain/rapid7-analysis>).\n\nNotably, there has been confusion about which CVE is which across various advisories and research descriptions \u2014 Microsoft, for instance, describes CVE-2021-34473 as a remote code execution vulnerability, but [Orange Tsai\u2019s Black Hat slides](<https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf>) list CVE-2021-34473 as the initial ACL bypass. Community researchers have also [expressed confusion](<https://twitter.com/GossiTheDog/status/1424791670076411905>) over CVE numbering across the ProxyShell chain, but ultimately, the takeaway is the same: Organizations that have not patched these vulnerabilities should do so on an emergency basis and invoke incident response protocols to look for indicators of compromise.\n\n## Affected products\n\nThe following versions of Exchange Server are vulnerable to all three ProxyShell CVEs:\n\n * Microsoft Exchange Server 2019 Cumulative Update 9\n * Microsoft Exchange Server 2019 Cumulative Update 8\n * Microsoft Exchange Server 2016 Cumulative Update 20\n * Microsoft Exchange Server 2016 Cumulative Update 19\n * Microsoft Exchange Server 2013 Cumulative Update 23\n\nOrganizations that rely on on-premises installations of Exchange Server and are not able to move to O365 should ensure that all Exchange instances are patched on a zero-day basis. In order to do this, it is vital that defenders keep up-to-date with quarterly Cumulative Updates, since Microsoft only releases security fixes for [the most recent Cumulative Update versions](<https://docs.microsoft.com/en-us/exchange/new-features/updates>).\n\nWhile ProxyShell and March\u2019s ProxyLogon exploit chain are the two attacks that have already resulted in widespread exploitation, they are not the only exploit chains targeting on-premises Exchange servers. Exchange continues to be valuable and accessible attack surface area for both sophisticated and run-of-the-mill threat actors, and we will certainly see additional widespread exploitation in the future.\n\nRead more from our emergent threat response team on [high-priority attack surface area](<https://www.rapid7.com/blog/post/2021/08/12/popular-attack-surfaces-august-2021-what-you-need-to-know/>), including Windows Print Spooler and Pulse Connect Secure VPNs.\n\n## Rapid7 customers\n\nInsightVM and Nexpose customers can assess their exposure to all three ProxyShell CVEs with authenticated vulnerability checks.\n\nThe following attacker behavior detection is available InsightIDR customers:\n\n * Suspicious Process - Process Spawned By Outlook Web Access\n\nThis detection will identify processes spawned by Microsoft IIS processes that have been configured to serve as Outlook Web Access web servers for Microsoft Exchange. Rogue processes being spawned may be an indication of a successful attack against these systems and has been observed targeted by various malicious actors.\n\nIf this detection fires in your environment, you should determine whether it is part of authorized administrator activity. Examine the parent process that spawned the command, and anything else that process may have spawned. If this activity is not benign or expected, consider rebuilding the host from a known, good source and having any possibly affected users change their passwords.\n\n## Updates\n\n**August 25, 2021:** Rapid7 estimates that there are over 84,000 Exchange servers that appear vulnerable to the ProxyShell attack chain. \n\n\n**August 23, 2021:** Multiple sources have now [reported](<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows>) that at least one ransomware gang (LockFile) is chaining ProxyShell with PetitPotam (CVE-2021-36942) to compromise Windows domain controllers. See [Rapid7's blog on PetitPotam](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>) for patching and additional required mitigation advice.\n\n**August 21, 2021:** Rapid7's Managed Detection and Response (MDR) and Incident Response (IR) teams have noted a significant uptick in Exchange exploitation by multiple threat actors. Community researchers have also noted that attackers are exploiting the ProxyShell vulnerabilities to drop webshells and [spread ransomware](<https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c>) on vulnerable targets.\n\nWe are monitoring for additional attacker behavior and will update this blog as further information comes to light.\n\n**August 16, 2021:** We have begun to see public proof-of-concept (PoC) code implementing the ProxyShell exploit chain. Exploitation is ongoing.\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T21:08:43", "type": "rapid7blog", "title": "ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-36942"], "modified": "2021-08-12T21:08:43", "id": "RAPID7BLOG:03B1EB65D8A7CFE486943E2472225BA1", "href": "https://blog.rapid7.com/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-25T01:34:04", "description": "\n\n_See the `Updates` section at the end of this post for new information as it comes to light._\n\nWhether you attended virtually, IRL, or not at all, Black Hat and DEF CON have officially wrapped, and security folks\u2019 brains are replete with fresh information on new (and some not-so-new) vulnerabilities and exploit chains. The \u201chacker summer camp\u201d conferences frequently also highlight attack surface area that may _not_ be net-new \u2014 but that is subjected to renewed and redoubled community interest coming out of Vegas week. See Rapid7\u2019s summaries [here](<https://www.rapid7.com/blog/post/2021/08/05/black-hat-recap-1/>) and [here](<https://www.rapid7.com/blog/post/2021/08/06/black-hat-recap-2/>).\n\nHere\u2019s the specific attack surface area and a few of the exploit chains we\u2019re keeping our eye on right now:\n\n * Orange Tsai stole the show (as always) at Black Hat with a talk on fresh **Microsoft Exchange** attack surface area. All in all, Orange discussed CVEs from [what appears to be four separate attack chains](<https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html>) \u2014including the ProxyLogon exploit chain that made headlines when it hit exposed Exchange servers as a zero-day attack [back in March](<https://www.rapid7.com/blog/post/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>) and the \u201cProxyShell\u201d exploit chain, which debuted at Pwn2Own and targets three now-patched CVEs in Exchange. Exchange continues to be a critically important attack surface area, and defenders should keep patched on a top-priority or zero-day basis wherever possible.\n * Print spooler vulnerabilities continue to cause nightmares. DEF CON saw the release of new privilege escalation exploits for Windows Print Spooler, and Black Hat featured a talk by Sangfor Technologies researchers that chronicled both [new Windows Print Spooler vulnerabilities](<https://attackerkb.com/assessments/85a30c9a-e126-4ec0-bda4-d166e03c5390>) and past patch bypasses for vulns like CVE-2020-1048 (whose patch was bypassed three times). Given that many defenders are still trying to remediate the \u201cPrintNightmare\u201d vulnerability from several weeks ago, it\u2019s fair to say that Windows Print Spooler will remain an important attack surface area to prioritize in future Patch Tuesdays.\n * There\u2019s also a new vulnerability in Pulse Connect Secure VPNs that caught our attention \u2014 the vuln is actually a bypass for CVE-2020-8260, which came out last fall and evidently didn\u2019t completely fade away \u2014 despite the fact that it\u2019s authenticated and requires admin access. With CISA\u2019s warnings about APT attacks against Pulse Connect Secure devices, it\u2019s probably wise to patch CVE-2021-22937 quickly.\n * And finally, the SpecterOps crew gave a highly anticipated Black Hat talk on several new attack techniques that [abuse Active Directory Certificate Services](<https://posts.specterops.io/certified-pre-owned-d95910965cd2>) \u2014 something we covered previously in our summary of the [PetitPotam attack chain](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>). This is neat research for red teams, and it may well show up on blue teams\u2019 pentest reports.\n\n### Microsoft Exchange ProxyShell chain\n\n**Patches:** Available \n**Threat status:** Possible threat (at least one report of exploitation in the wild)\n\nIt goes without saying that Microsoft Exchange is a high-value, popular attack surface that gets constant attention from threat actors and researchers alike. That attention is increasing yet again after prominent security researcher Orange Tsai gave a talk at Black Hat USA last week revealing details on an attack chain first demonstrated at Pwn2Own. The chain, dubbed \u201cProxyShell,\u201d allows an attacker to take over an unpatched Exchange server. ProxyShell is similar to ProxyLogon (i.e., [CVE-2021-26855](<https://attackerkb.com/assessments/a5c77ede-3824-4176-a955-d6cf9a6a7417>) and [CVE-2021-27065](<https://attackerkb.com/assessments/74177979-e2ef-4078-9f91-993964292cfa>)), which continues to be popular in targeted attacks and opportunistic scans despite the fact that it was patched in March 2021.\n\nTwo of the three vulnerabilities used for ProxyShell were patched in April by Microsoft and the third was patched in July. As of August 9, 2021, private exploits have already been developed, and it\u2019s probably only a matter of time before public exploit code is released, which may allow for broader exploitation of the vulns in this attack chain (in spite of its complexity!). Rapid7 estimates that there are, at least, nearly 75,000 ProxyShell-vulnerable exchange servers online:\n\n\n\nWe strongly recommend that Exchange admins confirm that updates have been applied appropriately; if you haven\u2019t patched yet, you should do so immediately on an emergency basis.\n\nOne gotcha when it comes to Exchange administration is that Microsoft only releases security fixes for the [most recent Cumulative Update versions](<https://docs.microsoft.com/en-us/exchange/new-features/updates>), so it\u2019s vital to stay up to date with these quarterly releases in order to react quickly when new patches are published.\n\nProxyShell CVEs:\n\n * [CVE-2021-31207](<https://nvd.nist.gov/vuln/detail/CVE-2021-31207>)\n * [CVE-2021-34473](<https://nvd.nist.gov/vuln/detail/CVE-2021-34473>)\n * [CVE-2021-34523\u200b](<https://nvd.nist.gov/vuln/detail/CVE-2021-34523>)\n\n### Windows Print Spooler \u2014 and more printer woes\n\n**Patches:** Varies by CVE, mostly available \n**Threat status:** Varies by CVE, active and impending\n\nThe Windows Print Spooler was the subject of renewed attention after the premature disclosure of the PrintNightmare vulnerability earlier this summer, followed by new Black Hat and DEF CON talks last week. Among the CVEs discussed were a quartet of 2020 vulns (three of which were bypasses descended from CVE-2020-1048, which has been exploited in the wild since last year), three new remote code execution vulnerabilities arising from memory corruption flaws, and two new local privilege escalation vulnerabilities highlighted by researcher [Jacob Baines](<https://twitter.com/Junior_Baines>). Of this last group, one vulnerability \u2014 CVE-2021-38085 \u2014 remains unpatched.\n\nOn August 11, 2021, Microsoft assigned [CVE-2021-36958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958>) to the latest Print Spooler remote code execution vulnerability which appears to require local system access and user interaction. Further details are limited at this time. However, as mitigation, Microsoft is continuing to recommend stopping and disabling the Print Spooler service. Even after this latest zero-day vulnerability is patched, we strongly recommend leaving the Print Spooler service disabled wherever possible. Read Rapid7\u2019s [blog on PrintNightmare](<https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/>) for further details and updates.\n\nWindows Print Spooler and related CVEs:\n\n * [CVE-2020-1048](<https://attackerkb.com/topics/QoQvwrIqEV/cve-2020-1048-windows-print-spooler-elevation-of-privilege-vulnerability?referrer=blog>) (elevation of privilege vuln in Windows Print Spooler presented at Black Hat 2020; exploited in the wild, Metasploit module available)\n * [CVE-2020-1337](<https://attackerkb.com/topics/mEEwlfrTK3/cve-2020-1337?referrer=blog>) (patch bypass for CVE-2020-1048; Metasploit module available)\n * [CVE-2020-17001](<https://attackerkb.com/topics/oGAzAwKy1N/cve-2020-17001?referrer=blog>) (patch bypass variant for CVE-2020-1048)\n * [CVE-2020-17014](<https://attackerkb.com/topics/N9XhrkViyk/cve-2020-17014?referrer=blog>) (patch bypass variant for CVE-2020-1048)\n * [CVE-2020-1300](<https://attackerkb.com/topics/43jdEqsVY1/cve-2020-1300?referrer=blog>) (local privilege escalation technique known as \u201c[EvilPrinter](<https://twitter.com/R3dF09/status/1271485928989528064>)\u201d presented at DEF CON 2020)\n * [CVE-2021-24088](<https://attackerkb.com/assessments/85a30c9a-e126-4ec0-bda4-d166e03c5390>) (new remote code execution vulnerability in the Windows local spooler, as presented at Black Hat 2021)\n * [CVE-2021-24077](<https://attackerkb.com/topics/wiyGYban1l/cve-2021-24077?referrer=blog>) (new remote code execution vulnerability in the Windows Fax Service, as presented at Black Hat 2021)\n * [CVE-2021-1722](<https://attackerkb.com/topics/v1Qm7veSwf/cve-2021-1722?referrer=blog>) (new remote code execution vulnerability in the Windows Fax Service, as presented at Black Hat 2021)\n * [CVE-2021-1675](<https://attackerkb.com/topics/dI1bxlM0ay/cve-2021-1675?referrer=blog>) (elevation of privilege vuln in Windows Print Spooler patched in June 2021)\n * [CVE-2021-34527](<https://attackerkb.com/topics/MIHLz4sY3s/cve-2021-34527-printnightmare?referrer=blog>), aka \u201cPrintNightmare\u201d\n * [CVE-2021-35449](<https://attackerkb.com/topics/9sV2bS0OSj/cve-2021-35449?referrer=blog>) (print driver local privilege escalation vulnerability, as [presented](<https://www.youtube.com/watch?v=vdesswZYz-8>) at DEF CON 2021; Metasploit module in progress)\n * [CVE-2021-38085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38085>) (**unpatched** print driver local privilege escalation vulnerability, as [presented](<https://www.youtube.com/watch?v=vdesswZYz-8>) at DEF CON 2021; Metasploit module in progress)\n * [CVE-2021-36958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958>) (**unpatched** remote code execution vulnerability; announced August 11, 2021)\n\nCurrently, both [PrintNightmare](<https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/>) CVE-2021-34527 and CVE-2020-1048 are known to be exploited in the wild. As the list above demonstrates, patching print spooler and related vulns quickly and completely has been a challenge for Microsoft for the past year or so. The multi-step mitigations required for some vulnerabilities also give attackers an advantage. Defenders should harden printer setups wherever possible, including against malicious driver installation.\n\n### Pulse Connect Secure CVE-2021-22937\n\n**Patch:** Available \n**Threat status:** Impending (Exploitation expected soon)\n\nOn Monday, August 2, 2021, Ivanti published [Security Advisory SA44858](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858>) which, among other fixes, includes a fix for CVE-2021-22937 for Pulse Connect Secure VPN Appliances running 9.1R11 or prior. Successful exploitation of this vulnerability, which carries a CVSSv3 score of 9.1, requires the use of an authenticated administrator account to achieve remote code execution (RCE) as user `root`.\n\nPublic proof-of-concept (PoC) exploit code has not been released as of this writing. However, this vulnerability is simply a workaround for [CVE-2020-8260](<https://blog.rapid7.com/2021/08/12/popular-attack-surfaces-august-2021-what-you-need-to-know/%E2%80%8B%E2%80%8Bhttps://attackerkb.com/topics/MToDzANCY4/cve-2020-8260?referrer=search#vuln-details>), an authentication bypass vulnerability that was heavily utilized by attackers, released in October 2020.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring the [Exploitation of Pulse Connect Secure Vulnerabilities](<https://us-cert.cisa.gov/ncas/alerts/aa21-110a>) demonstrating that attackers have been targeting Ivanti Pulse Connect Secure products for over a year. Due to attacker focus on Pulse Connect Secure products, and especially last year\u2019s CVE-2020-8260, Rapid7 recommends patching CVE-2021-22937 as soon as possible.\n\n### PetitPotam: Windows domain compromise\n\n**Patches:** Available \n**Threat status:** Threat (Exploited in the wild)\n\nIn July 2021, security researcher [Topotam](<https://github.com/topotam>) published a [PoC implementation](<https://github.com/topotam/PetitPotam>) of a novel NTLM relay attack christened \u201cPetitPotam.\u201d The technique used in the PoC allows a remote, unauthenticated attacker to completely take over a Windows domain with the Active Directory Certificate Service (AD CS) running \u2014 including domain controllers. Rapid7 researchers have tested public PoC code against a Windows domain controller setup and confirmed exploitability. One of our [senior researchers](<https://twitter.com/wvuuuuuuuuuuuuu>) summed it up with: "This attack is too easy." You can read Rapid7\u2019s full blog post [here](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>).\n\nOn August 10, 2021, Microsoft released a patch that addresses the PetitPotam NTLM relay attack vector in today's Patch Tuesday. Tracked as [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>), the August 2021 Patch Tuesday security update blocks the affected API calls [OpenEncryptedFileRawA](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>) and [OpenEncryptedFileRawW](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfileraww>) through the LSARPC interface. Windows administrators should prioritize patching domain controllers and will still need to take additional steps listed in [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) to ensure their systems are fully mitigated.\n\n### Rapid7 customers\n\nInsightVM and Nexpose customers can assess their exposure to the vulnerabilities in this post with authenticated vulnerability checks. Please note that details haven\u2019t yet been released on CVE-2021-38085 and CVE-2021-36958; therefore, it\u2019s still awaiting analysis and check development.\n\n### Updates\n\n**Pulse Connect Secure CVE-2021-22937** \nOn August 24, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) released [Malware Analysis Report (AR21-236E)](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-236e>) which includes indicators of compromise (IOCs) to assist with Pulse Connect Secure investigations.\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T17:13:25", "type": "rapid7blog", "title": "Popular Attack Surfaces, August 2021: What You Need to Know", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1048", "CVE-2020-1300", "CVE-2020-1337", "CVE-2020-17001", "CVE-2020-17014", "CVE-2020-8260", "CVE-2021-1675", "CVE-2021-1722", "CVE-2021-22937", "CVE-2021-24077", "CVE-2021-24088", "CVE-2021-26855", "CVE-2021-27065", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35449", "CVE-2021-36942", "CVE-2021-36958", "CVE-2021-38085"], "modified": "2021-08-12T17:13:25", "id": "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "href": "https://blog.rapid7.com/2021/08/12/popular-attack-surfaces-august-2021-what-you-need-to-know/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-11-26T18:11:40", "description": "**_Updated: August 24, 2021_**\n\nCISA is aware of open source reporting on the active exploitation of [CVE-2021-36942 (PetitPotam)](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>). To address this vulnerability, Microsoft released a patch and [mitigation guidance](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) as part of its August 2021 security updates. CISA strongly encourages users and administrators to review those updates and take the necessary actions as soon as possible.\n\n_**Original: August 10, 2021**_\n\nMicrosoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.\n\nCISA encourages users and administrators to review Microsoft\u2019s August 2021 [Security Update Summary](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug>) and [Deployment Information](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug>) and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/microsoft-releases-august-2021-security-updates>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-08-10T00:00:00", "type": "cisa", "title": "Microsoft Releases August 2021 Security Updates", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2021-08-24T00:00:00", "id": "CISA:1AD0E0C2A1CB165DDD5F6A0F4C21101D", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/microsoft-releases-august-2021-security-updates", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "qualysblog": [{"lastseen": "2022-06-22T20:42:07", "description": "Over the last five years, the number of vulnerabilities disclosed has doubled. The speed at which vulnerabilities are weaponized and leveraged for mass exploitation is down to mere days (from weeks). For example, mass exploitation of the Log4Shell vulnerability at the end of 2021 occurred <48 hours after initial disclosure. Yet organizations take more than 30 days on average to patch critical vulnerabilities, leaving organizations exposed to unnecessary risk.\n\nQualys pioneered cloud-based vulnerability management software more than two decades ago. When we announced Qualys VMDR in 2020, these broader trends were evident to us. Qualys VMDR consolidated four foundational aspects of vulnerability management into a single all-in-one integrated solution to discover, assess, prioritize, and patch critical vulnerabilities at scale.\n\nThe first generation of Qualys VMDR helped organizations get instant visibility into an increasingly hybrid and fragmented IT infrastructure \u201cin under two seconds\u201d, detected new vulnerabilities faster than ever before (on average in four hours or less), prioritized based on threat intelligence, and remediated faster than traditional patch management solutions.\n\nIn our most recent analysis, Qualys VMDR customers using Qualys Patch Management patched CISA\u2019s Top 15 known exploited vulnerabilities of 2021 up to 60% faster than customers with traditional patch management solutions, dramatically reducing mean time to remediation (MTTR). In short, \u201cQualys VMDR 1.0\u201d revolutionized vulnerability management.\n\n## Defining the Future of Qualys VMDR\n\nAfter we released Qualys VMDR in 2020, we embarked on an in-depth listening tour with our customers. What did they want us to focus on next?\n\nThe recurring theme that emerged was Cyber Risk Management.\n\n[CIOs and CISOs crave answers and insights](<https://blog.qualys.com/qualys-insights/2022/05/31/transitioning-to-a-risk-based-approach-to-cybersecurity>) on some critical questions:\n\n * How can we quantify enterprise risk to measure it reliably and consistently over time?\n * Where is our organization exposed to the highest risk?\n * Which vulnerabilities pose the highest risk to our organization?\n * What actions do we need to take to reduce risk?\n * Which assets or groups of assets pose the highest risk to our organization?\n * How can we measure and communicate the effectiveness of our cybersecurity programs?\n * How can we automate our manual processes so that we respond to threats faster and reduce risk?\n\nIt was clear that to these cybersecurity leaders, it was all about managing cyber risk.\n\nWith that in mind, we've built the next generation of VMDR. We call it Qualys VMDR 2.0.\n\n[Read the Press Release](<https://www.qualys.com/vmdr-2-press-release>)\n\n## About Qualys VMDR 2.0\n\n\n\n[Qualys VMDR 2.0](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) is an all-in-one risk-based vulnerability management solution that quantifies cyber risk. It gives organizations unprecedented insights into their risk posture and provides actionable steps to reduce risk. It also gives cybersecurity and IT teams a shared platform to collaborate and the power to quickly align and automate no-code workflows to respond to threats, thanks to seamless integration with QFlow and [ServiceNow ITSM](<https://www.servicenow.com/products/itsm.html>).\n\nLet\u2019s unpack everything that\u2019s new in this update of Qualys VMDR.\n\n### Accurately Quantify Cyber Risk\n\nRisks posed by modern cybersecurity threats are multifaceted. To accurately assess the true risk to your specific organization from vulnerabilities, assets, or groups of assets requires taking multiple factors into account.\n\nFor example, a vulnerability with CVSS rating of 9, with no exploits available, is a lower risk than a vulnerability that has a CVSS rating of 7.5 but has a weaponized exploit available and is being actively exploited in the wild.\n\nSimilarly, an actively exploited vulnerability is a low risk on an asset if mitigation or compensating controls are applied. One of the classic examples was to disable SMBv1 to defend against WannaCry exploitation (a.k.a. MS17-010). If SMBv1 was disabled, then the risk of exploitation was greatly reduced, hence the risk from that vulnerability on that asset should be lower.\n\nAt the asset level, similar dynamics are at play. Multiple factors need to be considered to determine the true risk of an asset to the organization. Consider questions such as: \n\n * How critical is the asset? \n * Where is it located? Is it internal or internet-facing? \n * What is the criticality of the vulnerabilities on the system? \n * Is the system hardened based on best practice guidance? \n * Is there evidence of malware or end-of-life software or other risk factors? \n\nAfter all, a squeaky-clean asset with no vulnerabilities but poorly misconfigured, thus giving broad unauthorized access to customer data, can be equally damaging to an organization.\n\nVMDR 2.0 with Qualys TruRiskTM automatically assesses multiple factors such as the asset criticality, its location, the vulnerabilities/misconfigurations found on the system, any compensating controls applied on the asset to reduce risk, exploit code maturity on the vulnerabilities, evidence of active exploitation, and many more such factors. Qualys TruRisk quantifies an organization's true risk so that IT and Security teams can focus on what\u2019s important. It does this by introducing multiple risk scores. \n\nLet\u2019s review the kinds of risk scores delivered by Qualys TruRisk.\n\n### Qualys Detection Score (QDS)\n\nQualys Detection Score (QDS) transparently rates the criticality of the Qualys vulnerability finding (i.e. QID) by considering multiple factors such as CVSS base score, exploit code maturity, active exploitation by malware or threat groups, real-time threat indicators, active exploitation in the wild, and most importantly any mitigation or compensating controls applied on the system.\n\nThe QDS score for a QID is specific to the asset on which it is detected. If an asset is protected from a vulnerability due to a compensating control, then the risk is rated lower.\n\nQualys Detection Score (QDS)\n\n### Asset Risk Score (ARS)\n\nQualys Asset Risk Score determines the score of an asset by considering multiple aspects of the asset and provides a transparent, easy-to-understand risk score. The key ingredient to the ARS is the asset\u2019s criticality, which is automatically determined from integration with the customer\u2019s CMDB. It also considers the location of the asset as well as the vulnerabilities and misconfigurations found on the system to determine the score.\n\nAsset Risk Score (ARS)\n\n### Identify Highest Risk Assets in Seconds\n\nThe Qualys risk scores described above form the foundation to quickly assess risk across the organization and understand where the highest risk resides. By combining them with asset tags, asset groups, business units, and Qualys Query Language (QQL) queries, organizations can quickly get a heat map of their risk exposure within seconds, take actions to reduce risk, and track risk reduction over time. These key features help organizations measure the effectiveness of their cybersecurity program.\n\nVDMR 2.0 with Qualys TruRisk Dashboard\n\n## Prioritize the Unprioritized\n\nQualys QDS and Qualys ARS risk scores are powered by in-depth exploit and threat intelligence for more than 180,000 vulnerabilities, sourced from 25+ different threat intelligence sources. These range from exploits available in commercial tools such as Canvas to open-source tools such as Metasploit to trending data that tracks active exploitation of vulnerabilities in the wild. Qualys also tracks exploits published daily on GitHub, which is increasingly becoming the go-to place to publish exploits.\n\nThe real-time collection of both exploit and threat intelligence allows organizations to effectively prioritize vulnerabilities based on risk. These would not have been prioritized by traditional CVSS score-based prioritization since they lack both threat and risk context. In the example below, a medium CVSS score is assigned to CVE-2021-36942 based on [NVD](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>) data, yet it is rated higher by Qualys TruRisk since it has weaponized exploit code available, evidence of active exploitation by malware and threat groups, and is actively exploited in the wild.\n\n\n\nOur transparent risk prioritization algorithm gives enterprises complete confidence to prioritize even unprioritized vulnerabilities and then to explain these decisions to all relevant stakeholders.\n\n### Close the Gap between IT & Security\n\nFor a vulnerability management program to be successful in any organization, three key elements \u2013 people, processes, and tools \u2013 need to converge and collaborate.\n\nThis is easier said than done.\n\nVulnerability management teams continue to struggle with manual processes relying on spreadsheets or passing PDF reports to IT teams to remediate and track the status of vulnerabilities. This process is inherently prone to errors and exposes organizations to unnecessary risks when critical vulnerabilities take too long to remediate.\n\nOn the other hand, IT teams are overwhelmed with a long list of vulnerabilities to patch\u2026 without a clear understanding of what to patch first, how to track the status of remediation, and how to ensure that SLAs are not breached.\n\nTo address these challenges, Qualys has introduced _Qualys VMDR for ITSM_, a [new certified ServiceNow app](<https://store.servicenow.com/sn_appstore_store.do#!/store/application/3bd20edd1b56fc10203dca22604bcb7c/1.0.5?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%25253Btemplate%26q%3DQualys%2520VMDR&sl=sh>) on the Now Platform, which allows IT and Security teams to share context while working to address vulnerability remediation end to end.\n\nQualys VMDR Apps on ServiceNow Store\n\nIt allows IT teams to import Qualys findings directly into ServiceNow ITSM on-demand or scheduled based on pre-defined criteria. IT can create tickets, assign them to rightful owners, and automatically close them out once the vulnerabilities are remediated.\n\nIt also automatically matches the assets to the configuration items (CI) by default. The CI matching is greatly enhanced with the optional [Qualys CMDB Sync app](<https://store.servicenow.com/sn_appstore_store.do#!/store/application/3ff07b0edba70010c1b3da75ca9619d8/1.3.1?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%25253Btemplate%26q%3DCMDB%2520sync&sl=sh>) available on the ServiceNow store.\n\nQualys VMDR with ITSM Dashboard\n\n### Automate Operational Tasks\n\nQualys VMDR 2.0 also integrates with QFlow technology which delivers drag-and-drop visual workflows that empower team collaboration. They can easily orchestrate complex vulnerability management tasks such as launching scans on ephemeral cloud assets or quarantining high-risk assets, purging terminated assets saving valuable time and resources for both IT and Security teams.\n\nAutomated workflows with QFlow\n\n### Receive Preemptive Attack Alerts\n\nQualys VMDR 2.0 leverages comprehensive threat and exploit intelligence to automatically map malware to CVE's and proactively alert teams on vulnerabilities exploited by malware or those used in an active malicious campaign known to target your organization or industry.\n\nReal time Threat Intelligence\n\n### API-first Solution\n\nQualys VMDR with TruRisk is designed with an API-first approach that helps IT and Security teams get risk insights over API's which can be directly imported from third party platforms to support reporting and analytics use cases. \n\n### All-inclusive with Qualys VMDR\n\nQualys VMDR with TruRisk, Qualys VMDR for ITSM, and all other capabilities discussed in this blog are included with a Qualys VMDR 2.0 license.\n\n## Turbo Charge VMDR 2.0 with Qualys Cloud Platform \n\nThat\u2019s not all. Qualys VMDR 2.0 turbo charges other cloud services on the Qualys Cloud Platform.\n\n### Qualys Cyber Security Asset Management (CSAM)\n\nAutomatically bring attack surface visibility directly into Qualys VMDR with integrations such as Shodan to prioritize assets exposed to the internet.\n\nAutomatically sync business criticality with asset criticality in Qualys to drive accurate asset risk scores.\n\nAccurately identify all assets in Qualys VMDR for ITSM based on accurate matching using our CMDB Sync app.\n\n### Qualys Patch Management (PM)\n\nLeverage Qualys QDS risk scores and patch reliability score to automatically patch vulnerabilities based on risk, including those known to have minimal impact from a operational point of view. Use zero-touch patching to reduce risk instantly. \n\n### Qualys Multi-Vector EDR\n\nCorrelate malware events with vulnerability exploitation, quickly assess other assets vulnerable to the same CVE, and then patch them to stop the propagation of malware.\n\n### Availability \n\nVMDR 2.0 with Qualys TruRisk will be available in late June, 2022. To request a free trial, visit <https://www.qualys.com/forms/vmdr/>.\n\n## Watch VMDR 2.0 LIVE Event\n\nQualys invites you to learn how to manage your company's true risk.\n\nWe launched VMDR 2.0 with a huge event at QSC San Francisco (in parallel with the RSA show) on June 7, 2022. [Register to watch the video](<https://www.qualys.com/vmdr-live>).\n\n## Ready to learn more?\n\n * [Learn more about VMDR 2.0 with Qualys TruRisk](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)\n * [Read blog: Transitioning to a Risk-based Approach to Cybersecurity](<https://blog.qualys.com/qualys-insights/2022/05/31/transitioning-to-a-risk-based-approach-to-cybersecurity>)\n * [Download the updated Qualys VMDR Datasheet](<https://www.qualys.com/docs/vmdr-datasheet.pdf>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-06-06T12:55:00", "type": "qualysblog", "title": "Introducing Qualys VMDR 2.0", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2022-06-06T12:55:00", "id": "QUALYSBLOG:EB91FABB1A5D9C2526980E996ED61260", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-21T10:10:11", "description": "### Microsoft Patch Tuesday \u2013 August 2021\n\nMicrosoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-36942](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>) - Windows LSA Spoofing Vulnerability\n\nAn unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over windows domain Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.\n\n[CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>) \u2013 Windows Print Spooler Remote Code Execution Vulnerability\n\nA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. This Patch Tuesday Microsoft released security updates to address this vulnerability and should be prioritized.\n\n#### Three 0-Day Vulnerabilities Patched\n\n * [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>) - Windows Print Spooler Remote Code Execution Vulnerability\n * [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>) - Windows LSA Spoofing Vulnerability\n * [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>) - Windows Update Medic Service Elevation of Privilege Vulnerability - This has been actively exploited, per Microsoft.\n\n#### Qualys QIDs Providing Coverage\n\n**QID**| **Title**| **Severity**| **CVE ID** \n---|---|---|--- \n110388| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities August 2021| Medium| [_CVE-2021-36940_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940>) \n110389| Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021 | High| [_CVE-2021-34478_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478>), [_CVE-2021-36941_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36941>) \n375798| Microsoft Azure CycleCloud Elevation of Privilege Vulnerability August 2021 | Medium| [_CVE-2021-33762_](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33762>), [_CVE-2021-36943_](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36943>), [_KB3142345_](<https://www.microsoft.com/en-us/download/details.aspx?id=103313>) \n91801| Microsoft Dynamics Business Central Cross-Site (XSS) Scripting Vulnerability August 2021 | Medium | [_CVE-2021-36946_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36946>) \n91802| Microsoft Windows Security Update for August 2021 \n \n | High| CVE-2021-26424, [_CVE-2021-26425_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26425>), [_CVE-2021-26426_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26426>), [_CVE-2021-26431_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26431>), [_CVE-2021-26432_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432>), [_CVE-2021-26433_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26433>), [_CVE-2021-34480_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480>), [_CVE-2021-34483_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483>), [_CVE-2021-34484_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34484>), [_CVE-2021-34486_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34486>), [_CVE-2021-34487_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34487>), [_CVE-2021-34530_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530>), [_CVE-2021-34533_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34533>), [_CVE-2021-34534_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34534>), [_CVE-2021-34535_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34535>), [_CVE-2021-34536_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34536>), [_CVE-2021-34537_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34537>), [_CVE-2021-36926_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926>), [_CVE-2021-36927_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927>), [_CVE-2021-36932_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932>), [_CVE-2021-36933_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933>), [_CVE-2021-36936_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36936>), [_CVE-2021-36937_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36937>), [_CVE-2021-36938_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36938>), [_CVE-2021-36947_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36947>), [_CVE-2021-36948_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36948>) \n91803| Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability August 2021 | High| [_CVE-2021-36942_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36942>) \n91804| Microsoft Windows Defender Elevation of Privilege Vulnerability August 2021 | Medium| [_CVE-2021-34471_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471>) \n91805| Microsoft Windows 10 Update Assistant Elevation of Privilege Vulnerability August 2021 | Medium | [_CVE-2021-36945_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945>) \n91806| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability August 2021 | Medium| [_CVE-2021-36949_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36949>) \n91774| Microsoft .NET Core and ASP.NET Core Security Update for August 2021 | High| [_CVE-2021-26423_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423>), [_CVE-2021-34485_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485>), [_CVE-2021-34532_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532>) \n91809| Microsoft Visual Studio Security Update for August 2021 | Medium| [_CVE-2021-26423_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423>), [_CVE-2021-34485_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485>), [_CVE-2021-34532_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532>) \n \n### Adobe Patch Tuesday \u2013 August 2021\n\nAdobe addressed 29 CVEs this Patch Tuesday impacting Adobe Connect and Magento product. The patches for Magento are labeled as [Priority 2](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are set to [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>).\n\n**Adobe Security Bulletin**| **QID**| **Severity**| **CVE ID** \n---|---|---|--- \nAdobe Connect Multiple Vulnerabilities (APSB21-66) | 730152| Medium| [CVE-2021-36061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36061>), [CVE-2021-36062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36062>), [CVE-2021-36063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36063>) \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`91774` OR qid:`91801` OR qid:`91802` OR qid:`91803` OR qid:`91804` OR qid:`91805` OR qid:`91806` OR qid:`91809` OR qid:`375798` OR qid:`110389` OR qid:`110388` OR qid:`730152`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`91774` OR qid:`91801` OR qid:`91802` OR qid:`91803` OR qid:`91804` OR qid:`91805` OR qid:`91806` OR qid:`91809` OR qid:`375798` OR qid:`110389` OR qid:`110388` OR qid:`730152`)`\n\n\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://success.qualys.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Vulnerabilities and Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Vulnerabilities and Patches_](<https://www.brighttalk.com/webcast/11673/502309>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * Microsoft Patch Tuesday, August 2021\n * Adobe Patch Tuesday, August 2021\n\n[Join us live or watch on demand!](<https://www.brighttalk.com/webcast/11673/502309>)\n\n[Webinar August 12, 2021 or on demand](<https://www.brighttalk.com/webcast/11673/502309>).\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T19:58:49", "type": "qualysblog", "title": "Microsoft and Adobe Patch Tuesday (August 2021) \u2013 Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26423", "CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-33762", "CVE-2021-34471", "CVE-2021-34478", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34485", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34532", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36061", "CVE-2021-36062", "CVE-2021-36063", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36940", "CVE-2021-36941", "CVE-2021-36942", "CVE-2021-36943", "CVE-2021-36945", "CVE-2021-36946", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36949"], "modified": "2021-08-10T19:58:49", "id": "QUALYSBLOG:0F0ACCA731E84F3B1067935E483FC950", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-09T00:01:22", "description": "_The old way of ranking vulnerabilities doesn\u2019t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation._\n\nCybersecurity and IT teams are overwhelmed with the sheer number of vulnerabilities that are disclosed daily. More than 40% of the vulnerabilities that are reported are either high or critical in severity. IT teams also have limited resources to patch vulnerabilities so they cannot patch everything. As a result, they need to focus on the right set of vulnerabilities that reduce the maximum amount of risk. \n\nAssessing the risk for a given vulnerability or misconfiguration is easier said than done. Most enterprises prioritize vulnerabilities today based on the [Common Vulnerability Scoring System](<https://www.first.org/cvss/>) (CVSS) rating system. Yet a CVSS rating represents the technical severity of a vulnerability, not the risk it poses to any given organization. This is an inefficient model because organizations end up patching vulnerabilities that may not reduce risk for their specific and unique business. \n\nFor example, CVSS rates the vulnerability CVE-2020-13112 (concerning Amazon Linux Security Advisory for libexif: AL2012-2020-320) at a score of 9.1. This CVE has no known exploits available, and yet is considered a \u201ccritical\u201d vulnerability based on severity. \n\nOn the other hand, CVE-2021-36942 (the Windows LSA Spoofing Vulnerability) is rated at 5.3 by the [National Vulnerability Database (NVD) ](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>), yet it\u2019s actively exploited today by malware groups and threat actors. The exploit code maturity is weaponized, making it easy for attackers to exploit the vulnerability to compromise and infect systems (see Figure 1). \n\nFig. 1: CVE low severity rating, yet weaponized exploit code\n\nFrom a cyber risk perspective, CVE-2021-36942 is a far greater risk to an organization than CVE-2020-13112 and should be patched sooner. But due to the lack of threat and risk context available in CVSS based ratings, many organizations would prioritize and remediate CVE-2020-13112 first, even though this won\u2019t reduce much risk to the organization. \n\n### Qualys TruRiskTM Weighs Multiple Risk Factors \n\nQualys has introduced a new approach to prioritize vulnerabilities, assets, and groups of assets based on the actual risk, or \u201ctrue risk\u201d, they pose to the organization. This allows the average enterprise to focus on 40% fewer critical vulnerabilities, assets, or groups of assets for priority remediation, resulting in maximum risk reduction to the business. \n\n[Read the VMDR 2.0 Press Release](<https://www.qualys.com/vmdr-2-press-release>) \n\n\n\nOur new offering, [Qualys TruRisk](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)TM, also helps organizations quantify cyber risk so that they can accurately measure it, take steps to reduce exposure, track risk reduction trends over time, and better measure effectiveness of their cyber security program.\n\nHow? Qualys TruRisk compiles two key risk-based scores in [Qualys VMDR 2.0](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) that are made available to all services of the Qualys Cloud Platform:\n\n 1. Qualys Detection Score \n 2. Asset Risk Score \n\nLet\u2019s examine the formulas behind each of these scores more closely\u2026\n\n### About Qualys Detection Score (QDS)\n\n**Qualys Detection Score** is our new proprietary risk scoring algorithm that measures the true risk of the vulnerability to the customer\u2019s specific, unique IT environment by considering seven different criteria. It returns a holistic risk assessment rather than relying solely on the technical severity of the vulnerability as assessed by the CVSS rating system. This more fine-grained approach allows Cybersecurity teams to focus only on vulnerabilities critical to their business.\n\nHere are the criteria used as input to the algorithm (Fig. 2).\n\n**CVSS Base Score**\n\nThe QDS algorithm starts with the CVSS score as only one of the many inputs to assess the risk of the vulnerability.\n\n**Real-Time Threat Indicators (RTIs)** \n\nThe algorithm next considers the type of vulnerability. For example, is it a Denial-of-Service (DoS) vulnerability or a remotely exploitable vulnerability? In the case of remote vulnerability or a web application vulnerability, the risk is rated higher. \n\n**Exploit Code Maturity ** \n\nThe algorithm then analyzes the exploit code maturity for the given vulnerability. The exploit code maturity could be a Proof-Of-Concept (POC) which suggests a theoretical exploit exists. It may already work against systems, or it could be weaponized, in which case the exploit code is considered very mature and can be easily used to compromise a system. The algorithm rates weaponized exploits higher than POC exploits. \n\n**Malware ** \n\nNext, QDS verifies if the vulnerability is actively exploited by malware. If it is actively exploited by any malware, then the risk is rated higher. \n\n**Threat Actors** \n\nQDS validates if any threat actors or ransomware groups are actively exploiting the vulnerability. If that\u2019s the case, the risk is rated even higher. \n\n**Trending Risk** \n\nThe algorithm also checks if the vulnerability has been actively exploited in the last 14 days by monitoring the Dark Web, social media, GitHub accounts, and many other such sources. The risk is further increased if the vulnerability is determined to be trending and exploited in the wild. \n\n**Applied Mitigation Controls** \n\nFinally, the algorithm correlates the risk from the vulnerability with the intelligence on the asset to assess whether the vulnerability represents a threat to the system. For example, the vulnerability may exist on the system, but the system may have mitigation controls already applied which greatly reduce the risk of exploitation of the vulnerability in the customer\u2019s specific environment. \n\nA classic example of this scenario is the vulnerability MS171-010 (aka WannaCry). The risk from this vulnerability can be greatly mitigated if the SMBV1 protocol is disabled on the system. If that\u2019s the case, QDS would rate the risk of exploitation as very low. \n\nConsideration of applied mitigation controls is a unique capability of Qualys TruRisk to assess the true risk of any given vulnerability. \n\nFig. 2: The many factors considered by Qualys algorithm \n\nLast but not least, the QDS score is specific to a Qualys ID (QID), which is an assigned vulnerability identifier in Qualys. A QID can potentially have multiple CVEs associated with it, in which case the QDS is equivalent to the _highest _Qualys Vulnerability Score (QVS) for the CVE, _minus _the mitigation factors that have been applied on the asset. \n\n### Powered by a Comprehensive Exploit & Threat Intelligence Database \n\nThe above listed factors are assessed by analyzing more than 185,000 CVEs tracked from 25+ different exploit and threat intelligence sources such as Canvas, Metasploit, Exploit DB, and many more. Qualys also tracks GitHub which is increasingly becoming the favored domain for published exploits once a new vulnerability is disclosed. \n\nBuilding an accurate risk profile for any CVE requires combining multiple factors to assess its risk. Qualys Detection Score leverages these factors to compute the true risk of the vulnerability. \n\n### About Asset Risk Score (ARS) \n\nQualys TruRisk\u2019s next type of risk score allows organizations to identify the riskiest assets in their organization. To assess the risk an asset poses to an organization, the** Asset Risk Score** considers multiple factors. \n\nThe primary measure that\u2019s considered is what we call Asset Criticality. To assess the risk an asset poses to the organization is to determine the business value of that asset. For example: Is the asset part of a production system, or a system hosting a production database, or is it purely an internal system used for development and test purposes. Clearly production assets should be rated higher. \n\nQualys TruRisk determines the business criticality of the asset using multiple approaches, including: \n\n * **Manual** **Ratings **\u2013 TruRisk allows users to set the criticality of the system by using asset tags \n * **Synchronization with CMDB** \u2013 Most enterprises store business criticality information for assets in a configuration management database, Qualys automatically maps to CMDB data to match the criticality of the system \n * **API\u2019s \u2013 **Using [Qualys APIs for Asset Management and Tagging](<https://www.qualys.com/docs/qualys-asset-management-tagging-api-v2-user-guide.pdf>), users can assign business criticality to an asset, which helps automate the process \n * **Vulnerabilities found of the system **\u2013 Finally, TruRisk analyzes the vulnerabilities found on the system and determines the asset\u2019s risk based on the QDS scores. Vulnerabilities with higher QDS scores on the asset result in a higher Asset Risk Score. \n\n### Asset Risk Score Formula\n\nBased on the above criteria Qualys TruRisk assigns an Asset Risk Score to the asset.\n\nAs shown in Figure 3, the ARS is computed based on the above criteria to the following formula: \n\n`_Asset Risk Score = Asset Criticality Score * {Weighted.average of vulnerabilities}_`\n\n`Weighted.average of vulnerabilities = wc(Avg(QDSc)) + wh(Avg(QDSh)) + wm(Avg(QDSm)) + wl(Avg(QDSl))`\n\nFigure 3: Representation of the Asset Risk Score formula in Qualys TruRisk\n\n### How Qualys TruRisk Visualizes Risk for an Organization \n\nThe new Risk Score widget introduced in VMDR 2.0 with Qualys TruRisk helps to visualize an overall cyber risk score for an organization, or a risk score for a specific environment or asset groups within the organization. \n\nIt helps to visualize how cyber risk is being mitigated and will show the reduced score if the vulnerabilities on the group of assets are fixed. The trending details help to visualize risk reduction in a better way. Risk score widgets show how different teams across the organization are performing and how they are maintaining cyber risk to the business under an acceptable limit. \n\nThis Risk Score is an average of all the asset risk scores within the tag selected. If there is no tag selection, then the average for all the assets within the environment is calculated to show overall cyber risk for the organization (Fig. 4). \n\nFigure 4: Qualys TruRisk shows the average of all risks in the environment or asset group\n\n### How to Prioritize Remediation using Qualys TruRisk scores \n\nVMDR 2.0 with Qualys TruRisk has introduced several new filters which help to prioritize vulnerability remediation based on risk scores. The new feature \u201c**Qualys TruRisk Mode**\u201d under the prioritization menu tab offers three main filters on TruRisk: \n\n 1. **Filter by Asset criticality** \u2013 Allows users to select asset criticality ranging from 1 to 5 \n 2. **Filter by Qualys Detection score** \u2013 Allows users to filter vulnerabilities for the assets within the selected tag by QDS scores \n 3. **Filter by Asset Risk score** \u2013 Allows users to filter number of assets based on their risk score and helps focus on riskiest assets during prioritization \n\nUsing these filters (Fig. 5), users can focus on the riskiest assets and their critical vulnerabilities easily without needing to understand complex criteria like different kinds of RTIs and other parameters associated with vulnerabilities. \n\nFigure 5: Qualys TruRisk Mode applies filters for easy prioritization\n\n### Qualys VMDR Reporting Now Includes TruRisk \n\nThe enhanced reports in VMDR 2.0 now include all TruRisk details. Risk score columns are now included toward the end of the host-based scan reports. \n\nReports include QDS, ACS and ARS values. \n\nPortal vulnerability reports are another way offered in VMDR 2.0 that helps users to export Risk Score details. \n\n### Qualys TruRisk API Support \n\nA new API has been introduced as part of the release of Qualys VMDR 2.0. This API is CVE centric and helps users get details about each CVE and its corresponding Qualys Vulnerability Score (QVS). Even if the CVE doesn\u2019t have any associated QIDs, the API helps users retrieve the QVS score and contributing factors to the score, as shown in Figure 6. \n\nUsers can search the Qualys knowledgebase for information on a CVE using this API Endpoint string: `https://<POD name>/api/2.0/fo/knowledge_base/qvs/?action=list&details=All&cve=<CVE ID>`\n\nFigure 6: API Endpoint helps to extract threat intelligence data for a CVE\n\nWe have also modified our existing APIs for Hosts. Host list and Host list detection have been modified to give users the option of exporting the details of TruRisk scores. \n\nFor the Host list API, the new parameter introduced is: `- show_ars=1`. When this optional parameter is added, ARS detail will appear in the output XML (Fig. 7). \n\nFigure 7: API Endpoint to look for Asset Risk Score & Criticality\n\nFor Host list detection, the new parameters introduced are: show_qds=1, qds_min=1, qds_max=100, and show_qds_factors=1. These parameters help to retrieve the QDS and its contributing factors as part of the output XML (Fig. 8). \n\nFigure 8: API Endpoint to get QVS score details for each vulnerability detected on an asset\n\n### Qualys TruRisk Frequently Asset Questions (FAQ\u2019s) \n\n**How are QDS scores calculated for each vulnerability?** \n\nThe scores are updated during the asset scan. When the vulnerabilities are detected, we determine which CVE contributes the most. The CVE with the highest QVS score is selected. The formula also looks for the details of mitigation controls applied and then calculates the QDS score. \n\n**Why is the QDS score blank for some Qualys IDs?** \n\nIf the QID is associated to a latest CVE for which the National Vulnerability Database doesn\u2019t hold any details, then for such vulnerabilities the QDS score is blank. \n\n**If there are multiple tags on an asset that represent different criticality, which tag is used in the Asset Risk Score formula?** \n\nThe tag that has the highest criticality value is chosen for Asset Risk Score formula. \n\n**Why are some of vulnerabilities scored higher by QDS compared to the CVSS score?** \n\nWhen the QDS score is calculated, the formula looks at the details of each criterion mentioned in the QDS section above. If the formula determines that the CVE has active threats and falls under an exploitable category, it will result in a higher QDS score as compared with its CVSS score, which is a static score assigned at the time when the vulnerability is first disclosed and filed. \n\n**How does the formula determine whether the mitigation control has been applied?** \n\nOn an Asset when the user enables SCA or PC module and runs SCA or PC scan, the compliance module evaluates the mitigation controls on the asset. Based on the scan results the formula determines whether the mitigation control has been applied on the asset.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-08T21:54:42", "type": "qualysblog", "title": "A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13112", "CVE-2021-36942"], "modified": "2022-08-08T21:54:42", "id": "QUALYSBLOG:EBDC158D70A96D1C65D2AEE5C285A069", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-10-11T22:50:52", "description": "Vulnerability Management is a foundational component of any cybersecurity program for the implementation of appropriate security controls and the management of cyber risk. Earlier this year Qualys introduced the latest iteration of its vulnerability management product [VMDR 2.0 with TruRisk](<https://blog.qualys.com/product-tech/2022/06/06/introducing-qualys-vmdr-2-0>) which focusses on helping organizations understand and manage cyber risk. Qualys TruRisk assesses risk by taking into account multiple factors such as evidence of vulnerability exploitation, asset criticality, its location, and evidence of compensating controls on the asset among many other factors to assess the accurate risk posture for an organization.\n\nIn this blog we do a deep-dive into the vulnerability prioritization algorithm for TruRisk, compare it to existing vulnerability scoring systems, such as Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS), to demonstrate why TruRisk is a better method for prioritizing risk than existing methods. This blog is the first of many blogs focused on different aspects of TruRisk, with other aspects covered in later blogs.\n\n### **Key Takeaways**\n\n * Since 2016, every subsequent year has reported more vulnerabilities than the year before (on average 8%-10% more)\n * CVSS based prioritization results in 51% of vulnerabilities marked as high or critical which leads to ineffective, low-value prioritization\n * Less than 3% of vulnerabilities have weaponized exploits or evidence of exploitation in the wild, two attributes posing the highest risk.\n * Exploit Prediction Scoring System (EPSS) is a step in the right direction to predict vulnerability exploitation. However, it still ranks some vulnerabilities that are actively exploited with a lower probability of exploitation\n * Qualys TruRisk helps organizations prioritize risk by focusing on exploitability, evidence of exploitability, and likelihood of exploitability resulting in up to 85% fewer vulnerabilities to prioritize compared to CVSS.\n\nQualys TruRisk brings asset context, threat context and vulnerability intelligence data under one platform empowering IT and security teams to make better, informed prioritization decisions.\n\nBut first let\u2019s talk about few key challenges.\n\n### Vulnerabilities Are on the Rise\n\nEvery year since 2016, (see Fig. 1) the number of the vulnerabilities reported by NIST has been greater than the year before. According to the [National Vulnerability Database](<https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&search_type=all&isCpeNameSearch=false>) (NVD) the number of vulnerabilities reported in 2022 (18,841) has already surpassed the vulnerabilities reported in 2020. And we still have three months to go.\n\nFigure 1: Number of Vulnerabilities by Year (Source: NVD)\n\n### **Vulnerability Threat Landscape**\n\nAs the number of vulnerabilities increase, so does the risk to enterprises. But not all vulnerabilities are created equally. Some vulnerabilities pose greater risk to organizations than others. For example, less than 3% of the vulnerabilities have exploit code weaponized. It is crucial to prioritize vulns like these, that are some of the most critical vulnerabilities first. \n\nFigure 2: Vulnerability Threat Landscape\n\nTraditionally, organizations have relied on CVSS scores for prioritization. However, as we will see in the next section, there are limitations in using CVSS as the only vulnerability prioritization method.\n\n### Challenges With CVSS Based Prioritization \n\nThe **Common Vulnerability Scoring System (CVSS) was introduced in the early 2000s to address the need for **a common method to rate the severity of vulnerabilities. Previously, two researchers could rate the same exact vulnerability in different ways based on their subjective understanding of the vulnerability. This created confusion for security practitioners because they could not accurately determine the actual severity of vulnerabilities. The CVSS system was developed to address this issue by enabling the uniform _technical_ severity assessment of vulnerabilities.\n\nA key factor to keep in mind is CVSS only calculates the technical severity of the vulnerability, not the risk it poses to an organization. Over time, CVSS has been used as a proxy for determining the risk a vulnerability posed to the organization, leading to unintended consequences. This includes patching cycles spent fixing countless vulnerabilities with a CVSS score of 7.5 or higher, while some medium severity vulnerabilities were deprioritized even if they posed a greater risk.\n\nCVSS scores are categorized into four categories low, medium, high, critical. \n\nCVSS Score| CVSS Severity \n---|--- \n0.1 \u2013 3.9| Low \n4.0 \u2013 6.9| Medium \n7.0 \u2013 8.9| High \n9.0 \u2013 10.0| Critical \n \nFigure 3: CVSS Score distribution grouped by CVSS severity\n\nAs shown in Fig.3, **51% (96,340) of the total vulnerabilities are categorized as Critical or High according to CVSS scores**. However, empirical research shows that not all the vulnerabilities in these CVSS score buckets need equal/high attention. The main issue is that CVSS base scores don\u2019t consider threat information like active exploitation in the wild, likelihood of the exploitation in the wild, activity associated with it in dark web or social media, known exploit categorized by CISA, threat actors associated, etc.\n\nAs shown in Fig. 4, as expected known exploited vulnerabilities (as categorized by [CISA Known Exploited Vulnerabilities (KEV) Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)) are concentrated at higher CVSS scores (the red dots indicate CISA KEV vulnerabilities).\n\nHowever, there are a significant number of exploits discovered even for lower CVSS scores. For example, **there are 92 out of 832 (11%) CISA_KEV vulnerabilities that have a CVSS score of less than 7.** This could be an issue when relying only on CVSS scores.\n\nFigure 4: CISA known vulnerabilities distributed across CVSS score.\n\n### **Exploit Prediction Scoring System**\n\nTo address challenges related to lack of threat context in the CVSS scoring system, first.org in recent years introduced [Exploit Prediction Scoring System (EPSS)](<https://www.first.org/epss/>), an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. This is a step in the right direction. EPSS\u2019s goal is to help network defenders better prioritize vulnerability remediation efforts. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.\n\nAs evidenced by Figure 5. EPSS helps highlight vulnerabilities with high likelihood of exploitation and correlates well with CISA KEV vulnerabilities.\n\nFigure 5: EPSS Score and CISA Known Vulnerabilities distribution across CVSS score\n\nFigure 6: EPSS Score distribution\n\nThe availability of patches also plays a key role in EPSS scores. If patches are available, the probability of exploitation is ranked lower. Many of the CISA Known Vulnerabilities are scored lower in EPSS if they have patches/fixes available. However when prioritizing what to patch first, we need to consider the whole set, not just the ones with patches. For example, consider the following recent vulnerabilities which have low EPSS scores. If we rely only on EPSS to prioritize them, they will not show up in a priority list of vulnerabilities to be remediated. Several examples of vulnerabilities with low EPSS scores and high TruRisk scores are shown in Figure 5.\n\nCVE| Title| EPSS| TruRisk (QVS) \n---|---|---|--- \nCVE-2021-36942| PetitPotam| 0.26| 95 \nCVE-2021-31207| Proxyshell| 0.02| 95 \nCVE-2021-34523| Proxyshell| 0.16| 100 \nCVE-2022-30190| Follina| 0.69| 100 \nCVE-2016-3351| Microsoft Edge Cumulative Security Update (MS16-105)| 0.24| 95 \n**Critical CVEs with patches available scoring low on EPSS**\n\n### **Qualys Severity Levels**\n\nGiven the challenges with CVSS scores, the Qualys research team introduced [Qualys severity levels](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/knowledgebase/severity_levels.htm>) to assess the severity of Qualys IDs (QIDs). In addition to determining the risk associated with exploitation, Qualys severity levels also focus on potential consequences of vulnerability exploitation from an attacker\u2019s point of view. Each QID severity level is reviewed by the Qualys Research Team, including taking vulnerability chaining, server-side vs client-side vulnerabilities, and information from various threat-intel sources to accurately assess them into consideration.\n\nQualys severity levels are an improvement over CVSS as they helped customers quickly prioritize critical vulnerabilities as can be seen in Fig. 7. \n\nFigure 7: Qualys Severity Level Distribution (Source: Qualys)\n\n### Qualys TruRisk, a Data-Driven Way To Prioritize Risks\n\nAll of the scoring mechanisms presented so far are attempting to answer one key question\n\n_What should defenders focus on first?_\n\nEach model attempts to answer the question in its own way but falls short of its goal. Organizations need a better way to respond quickly and prioritize vulnerabilities based on risk.\n\nTo address these challenges Qualys introduced [Qualys VMDR 2.0 with TruRisk](<https://blog.qualys.com/product-tech/2022/06/06/introducing-qualys-vmdr-2-0>) earlier this year to help organizations prioritize vulnerabilities, assets, and groups of assets based on risk. \n\nQualys VMDR with TruRisk is powered by one of the most comprehensive exploit and threat intelligence databases. It spans over 185k CVEs, and 25+ unique threat and exploit intelligence sources such as Metasploit, Canvas, CISA KEV, and even Github, which is increasingly becoming the go-to place to publish exploits.\n\nWith TruRisk, organizations can pinpoint which CVEs are exploited in the wild (even those that don't have a QID) and which malware, ransomware, or threat actor groups are exploiting them. These insights can then be used to prioritize vulnerabilities based on risk.\n\nLet\u2019s take a closer look into how the TruRisk algorithm works, and how it compares to CVSS and EPSS.\n\nTo determine risk, Qualys TruRisk vulnerability scores rely on multiple factors to build the most accurate risk profile for a vulnerability.\n\n**Qualys Vulnerability Score (QVS)** is a Qualys-assigned score for a vulnerability based on multiple factors associated with the CVE such as CVSS and external threat indicators like active exploitation, likelihood of vulnerability being exploited in wild, sighting in the darkweb and social web, exploit code maturity, CISA known exploitable and many more. \n \n**Qualys Detection Score (QDS)** is assigned to QIDs by Qualys. QDS has a range from 1 to 100. If multiple CVEs contribute to a QID, the CVE with the highest score is considered for the QDS calculation. \n \n**Asset Risk Score (ARS)** is the overall risk score assigned to the asset based on the following contributing factors such as Asset Criticality Score (ACS), QDS scores for each QID level, Auto-assigned weighting factor (w) for each criticality level of QIDs, number of vulnerabilities on an asset.\n\nHere is the list of inputs that go into the algorithm.\n\n### **CVSS Base Score**\n\nThe CVSS base score serves as one of the key inputs to assess the risk of the vulnerability. CVEs with higher CVSS base scores are rated higher than those with lower scores. But a high CVSS score alone doesn\u2019t result in a high TruRisk risk score. Evidence of exploitation or weaponized exploit code maturity is required for the CVE to fall in the critical range.\n\n### **CISA Known Exploited Vulnerability (KEV)**\n\nVulnerabilities that are catalogued by CISA as known exploited vulnerabilities that are actively being exploited in the wild are included in the algorithm\n\n### **Real-Time Threat Indicators (RTIs)**\n\nThe TruRisk algorithm considers the type of vulnerability. For example, is it a Denial-of-Service (DoS) vulnerability or a remotely exploitable vulnerability? In the case of remote vulnerability or a web application vulnerability, the risk is rated higher. Other RTI\u2019s such as zero-day, active attacks, high data loss, high lateral movement, etc. that are collected from various threat feeds are also considered by the algorithm.\n\n### **Exploit Code Maturity **\n\nThe TruRisk algorithm analyzes the exploit code maturity for the given vulnerability. The exploit code maturity could be a Proof-of-Concept (PoC) which suggests a theoretical exploit exists. The exploit may already work against systems, or it could be weaponized, in which case the exploit code is considered very mature and can be easily used to compromise a system. The QDS algorithm rates weaponized exploits higher than PoC exploits. \n\n### **Malware **\n\nThe TruRisk algorithm checks to see if the vulnerability is being actively exploited by malware. If it is, then the risk is rated higher.\n\n### **Threat Actors / Ransomware Groups**\n\nThe TruRisk algorithm validates if any threat actors or ransomware groups are actively exploiting the vulnerability. If that is the case, the risk is rated even higher than if it only being exploited by malware. \n\n### **Trending Risk**\n\nThe TruRisk algorithm checks if the vulnerability has been actively exploited in the last 14 days by monitoring the Dark Web, social media, GitHub accounts, and many other similar sources. The risk is further increased if the vulnerability is determined to be trending and exploited in the wild. \n\n### **Applied Mitigation Controls**\n\nThe algorithm correlates the risk from the vulnerability with intelligence related to the asset to assess whether the vulnerability represents a threat to it. For example, the vulnerability may exist on the asset, but the system may have mitigation controls already applied which greatly reduce the risk of exploitation of the vulnerability in the customer\u2019s specific environment. \n\n### **EPSS Score (from First.org)**\n\nQualys TruRisk also leverages [EPSS](<https://www.first.org/epss/model>) scores which predict the probability of a vulnerability being exploited in the next 30 days. Vulnerabilities with a higher EPSS score are ranked higher.\n\nFigure 8: Contributing factors to Qualys TruRisk Scores\n\n### How Does Qualys TruRisk Compare Against CVSS and EPSS?\n\nAs customers adopt Qualys TruRisk to address their prioritization needs they want to know how CVSS and EPSS and TruRisk compare.\n\nQualys TruRisk is hyper focused on three attributes: exploit availability, evidence of exploitation in the wild, and likelihood of exploitation. This helps organizations focus on the highest risk vulnerabilities.\n\nQualys TruRisk rates less than 1% of vulnerabilities as critical, and less than 7% of vulnerabilities as high. This drastically reduces the number of vulnerabilities (up to 85% fewer compared to CVSS which ranks 51% of vulnerabilities high or critical) that organizations need to focus on to reduce risk. See Fig. 9.\n\nClearly organizations need to remediate other vulnerabilities as well. However, when deciding where to begin, we recommend starting with vulnerabilities that have a TruRisk-QDS risk score of 70 or higher. \n\n### **Qualys Vulnerability Score (QVS) vs CVSS**\n\nFigure 9: Distribution of TruRisk (QVS) Scores vs CVSS\n\n### **Qualys TruRisk vs EPSS**\n\nThe following figure (Fig. 10) shows the distribution of EPSS scores with Qualys Vulnerability Scores (QVS) and CISA known vulnerabilities. QVS scores consistently place vulnerabilities with evidence of exploitation, such as CISA known vulnerabilities, in a higher score range even if the EPSS score is low as annotated in the figure below.\n\nFigure 10: EPSS Score vs TruRisk (QVS) Score\n\n### **Qualys TruRisk (QVS) vs CISA KEV**\n\nEvidence of vulnerability exploitation from sources such as a CISA KEV and other threat intelligence sources tracked by the Qualys research team play a key role in determining the risk of a vulnerability.\n\nAs seen below, vulnerabilities that appear in CISA Known Exploited Vulnerabilities are consistently scored higher (QVS scores of 90 or higher) by the Qualys TruRisk algorithm. (fig. 11).\n\nFigure 11: CISA Known Vulnerabilities distributed across QVS score.\n\nLet's take the example of CVE-2021-36942 (the Windows LSA Spoofing Vulnerability). It is rated at 5.3 by the National Vulnerability Database (NVD), but it\u2019s actively exploited today by malware groups and threat actors. The exploit code maturity is weaponized, making it easy for attackers to exploit the vulnerability to compromise and infect systems). Qualys TruRisk ranks CVE-2021-36942 vulnerability as critical given its exploit availability and evidence of exploitation in the wild.\n\n\n\n### **How to Interpret Qualys TruRisk Scores**\n\nQualys TruRisk builds the vulnerability risk profile of vulnerabilities, assets, and asset groups by using the following three risk scores:\n\n**Qualys Vulnerability Score (QVS)** \u2013 QVS is assessed at each CVE level based on the external threat and exploit intelligence factors listed above. It is also computed for vulnerabilities that don\u2019t have Qualys vulnerability detection signatures (QIDs). These QVS scores can be individually queried for insights from our [dedicated API endpoint](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>).\n\n**Qualys Detection Score (QDS)** \u2013 QDS is assessed at each QID level. This is the score customers need to focus on for their vulnerability prioritization needs. **QDS builds on the QVS score by adding two key aspects**. Some QIDs can be mapped to multiple CVEs. QDS selects the highest QVS of all associated CVEs to that QID. Next, QDS accounts for any compensating/mitigation controls that are applied to an asset to reduce the risk score for a given vulnerability. For example, QDS will reduce the risk of a Remote Desktop Protocol (RDP) vulnerability if RDP is disabled.\n\nQDS/QVS Range| Description \n---|--- \n>=95| CVSS critical, exploited in the wild, has weaponized exploit available, trending risk on social media, dark web. \n90-95| CVSS critical, weaponized exploit available, and evidence of exploitation by malware, threat actors/ransomware groups \n80-89| CVSS Critical, weaponized exploit available, but no evidence of exploitation. \nCVSS Critical with evidence of exploitation, but mitigation in place. \n70-79| CVSS High, weaponized exploit available, but no evidence of exploitation \n60-69| CVSS critical, no exploits available \n50-60| CVSS High, a Proof of Concept (PoC) exploit is available \n40-50| CVSS High, no exploit available \n30-39| CVSS Medium, a PoC exploit is available \n1-30| CVSS Low vulnerabilities, low risk of exploitation \n \n### **Asset Risk Score (ARS) **\n\nQualys TruRisk\u2019s next type of risk score allows organizations to identify the riskiest assets in their organization. To assess the risk an asset poses to an organization, the** Asset Risk Score** considers multiple factors.\n\nThe primary factor considered by ARS is Asset Criticality, ie, what risk the asset poses based on its business value. For example: Is the asset part of a production system, a system hosting a production database, or is it purely an internal system used for development and test purposes. Production assets should be rated higher than test systems.\n\nQualys TruRisk determines the business criticality of the asset using multiple approaches, including: \n\n * **Manual** **Ratings **\u2013 TruRisk allows users to set the criticality of the system by using asset tags \n * **Synchronization with CMDB** \u2013 Most enterprises store business criticality information for assets in a configuration management database. Qualys automatically maps to CMDB data to determine the criticality of the system \n * **API\u2019s \u2013 **Using [Qualys APIs for Asset Management and Tagging](<https://www.qualys.com/docs/qualys-asset-management-tagging-api-v2-user-guide.pdf>), users can assign business criticality to an asset \n\nFinally, TruRisk analyzes the vulnerabilities found on the system and determines the asset\u2019s risk based on the QDS scores of the vulnerabilities on an asset by a clearly defined formula called the Asset Risk Score formula.\n\n### **Asset Risk Score Formula**\n\nThe Asset Risk Score (ARS) is calculated using the following formula: \n \n \n ARS Score = ACS Score * [wc * Avg (QDS for Critical Vuln) * f (Critical vuln count) + \n \n wh * Avg (QDS for High Vuln) * f (High vuln count) + \n \n wh * Avg (QDS for Medium Vuln) * f (Medium vuln count) + \n \n wh * Avg (QDS for Low Vuln) * f (Low vuln count)] * I(External) \n\nIn the above formula, **_ACS _**is Asset Criticality Score, **_w__**are the weights fine-tuned by TruRisk algorithm to multiply each of the severity, function **_f_**_ ()_, is a non-linear function that increases exponentially as number of vulnerabilities increases. Also, the factor **_I(External)_** is for the case where an asset is external facing or discoverable by Shodan. This factor increases the score appropriately for external facing assets.\n\nARS Range| Severity| Description \n---|---|--- \n850-1000| Critical| Critical asset with multiple critical or high vulnerabilities \n700-849| High| High value asset with multiple number of critical or high vulnerabilities or is exposed to the internet \n500-699| Medium| Moderate value asset with critical or high vulnerabilities \n0-499| Low| Low value asset with multiple vulnerabilities \n \n### Conclusion\n\nQualys TruRisk offers organizations a comprehensive approach to risk prioritization by considering multiple factors such as vulnerability exploitation, presence of compensating controls, asset criticality, its location (internal or external) to name a few to paint an accurate picture of organization\u2019s TruRisk (pun intended). In this blog we did a deep-dive into one aspect of TruRisk (vulnerability prioritization) and showcased how it\u2019s better than existing models. This blog is the first of series of blogs around TruRisk, and in subsequent blogs we will do a similar deep-dives into other aspects of TruRisk for e.g. asset risk, asset group risk, misconfigurations and many more to help organizations prioritize better based on risk.\n\nWith Qualys TruRisk we have introduced foundational building blocks for major cyber risk initiatives like peer benchmarking, risk score customization, third-party risk assessment, and many more. We are very excited about TruRisk and the benefits it provides to our customers. Stay tuned for more updates.\n\n### Additional Contributors\n\n 1. Shreya Salvi, Data Scientist, Qualys\n 2. Mehul Revankar, VP, Product Management & Engineering for VMDR, Qualys\n 3. Payal Mehrotra, Senior Director, Product Management for CyberRisk, Qualys", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-10T14:32:29", "type": "qualysblog", "title": "In-Depth Look Into Data-Driven Science Behind Qualys TruRisk", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3351", "CVE-2021-31207", "CVE-2021-34523", "CVE-2021-36942", "CVE-2022-30190"], "modified": "2022-10-10T14:32:29", "id": "QUALYSBLOG:9E3CACCA2916D132C2D630A8C15119F3", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-09T06:36:02", "description": "[Start your VMDR 30-day, no-cost trial today](<https://www.qualys.com/forms/vmdr/>)\n\n## Overview\n\nOn November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>), "Reducing the Significant Risk of Known Exploited Vulnerabilities." [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires agencies to review and update agency internal vulnerability management procedures within 60 days according to this directive and remediate each vulnerability according to the timelines outlined in 'CISA's vulnerability catalog.\n\nQualys helps customers to identify and assess risk to organizations' digital infrastructure and automate remediation. Qualys' guidance for rapid response to Operational Directive is below.\n\n## Directive Scope\n\nThis directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency's behalf.\n\nHowever, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA's public catalog.\n\n## CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [291 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. The Qualys Research team has mapped all these CVEs to applicable QIDs. You can view the complete list of CVEs and the corresponding QIDs [here](<https://success.qualys.com/discussions/s/article/000006791>).\n\n### Not all vulnerabilities are created equal\n\nOur quick review of the 291 CVEs posted by CISA suggests that not all vulnerabilities hold the same priority. CISA has ordered U.S. federal enterprises to apply patches as soon as possible. The remediation guidance can be grouped into three distinct categories:\n\n#### Category 1 \u2013 Past Due\n\nRemediation of 15 CVEs (~5%) are already past due. These vulnerabilities include some of the most significant exploits in the recent past, including PrintNightmare, SigRed, ZeroLogon, and vulnerabilities in CryptoAPI, Pulse Secure, and more. Qualys Patch Management can help you remediate most of these vulnerabilities.\n\n#### Category 2 \u2013 Patch in less than two weeks\n\n100 (34%) Vulnerabilities need to be patched in the next two weeks, or by **November 17, 2022**.\n\n#### Category 3 \u2013 Patch within six months\n\nThe remaining 176 vulnerabilities (60%) must be patched within the next six months or by **May 3, 2022**.\n\n## Detect CISA's Vulnerabilities Using Qualys VMDR\n\nThe Qualys Research team has released several remote and authenticated detections (QIDs) for the vulnerabilities. Since the directive includes 291 CVEs, we recommend executing your search based on vulnerability criticality, release date, or other categories.\n\nFor example, to detect critical CVEs released in 2021:\n\n_vulnerabilities.vulnerability.criticality:CRITICAL and vulnerabilities.vulnerability.cveIds:[ `CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]_\n\n\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using the VMDR Prioritization report.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to the CISA Known Exploited Vulnerabilities and gather your status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of the status of the vulnerabilities in your environment using the ["CISA 2010-21| KNOWN EXPLOITED VULNERABILITIES"](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard:\n\n\n\n### Summary Dashboard High Level Structured by Vendor:\n\n\n\n## Remediation\n\nTo comply with this directive, federal agencies must remediate most "Category 2" vulnerabilities by **November 17, 2021**, and "Category 3" by May 3, 2021. Qualys Patch Management can help streamline the remediation of many of these vulnerabilities.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive's aggressive remediation date of November 17, 2021. Running this query will find all required patches and allow quick and efficient deployment of those missing patches to all assets directly from within the Qualys Cloud Platform.\n\ncve:[`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]\n\n\n\nQualys patch content covers many Microsoft, Linux, and third-party applications; however, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch the remaining CVEs in this list.\n\nNote that the due date for \u201cCategory 1\u201d patches has already passed. To find missing patches in your environment for \u201cCategory 1\u201d past due CVEs, copy the following query into the Patch Management app:\n\ncve:['CVE-2021-1732\u2032,'CVE-2020-1350\u2032,'CVE-2020-1472\u2032,'CVE-2021-26855\u2032,'CVE-2021-26858\u2032,'CVE-2021-27065\u2032,'CVE-2020-0601\u2032,'CVE-2021-26857\u2032,'CVE-2021-22893\u2032,'CVE-2020-8243\u2032,'CVE-2021-22900\u2032,'CVE-2021-22894\u2032,'CVE-2020-8260\u2032,'CVE-2021-22899\u2032,'CVE-2019-11510']\n\n\n\n## Federal Enterprises and Agencies Can Act Now\n\nFor federal enterprises and agencies, it's a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>).\n\nHere are a few steps Federal enterprises can take immediately:\n\n * Run vulnerability assessments against all your assets by leveraging various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Patch Management to apply patches and other configurations changes\n * Track remediation progress through Unified Dashboards\n\n## Summary\n\nUnderstanding vulnerabilities is a critical but partial part of threat mitigation. Qualys VMDR helps customers discover, assess threats, assign risk, and remediate threats in one solution. Qualys customers rely on the accuracy of Qualys' threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any organization efficiently respond to the CISA directive.\n\n## Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-09T06:15:01", "type": "qualysblog", "title": "Qualys Response to CISA Alert: Binding Operational Directive 22-01", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2020-0601", "CVE-2020-1350", "CVE-2020-1472", "CVE-2020-8243", "CVE-2020-8260", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-1905", "CVE-2021-1906", "CVE-2021-20016", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-22502", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-22986", "CVE-2021-26084", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-28663", "CVE-2021-28664", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42258"], "modified": "2021-11-09T06:15:01", "id": "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", "CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2023-05-23T17:11:51", "description": "### Overview\n\nMicrosoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory.\n\n### Description\n\n[PetitPotam](<https://github.com/topotam/PetitPotam>) is a tool to force Windows hosts to authenticate to other machines by using the [Encrypting File System Remote (EFSRPC)](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr>) [EfsRpcOpenFileRaw](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8>) and other methods. When a system handles certain EFSRPC requests, it will by default use NTLM to authenticate with the host that is specified within the path to the file specified in the EFSRPC request. The user specified in the NTLM authentication information is the computer account of the machine that made the EFSRPC request.\n\nCode running on any domain-joined system will leverage Single Sign-On (SSO) to call these EFSRPC functions on a domain controller without needing to know the credentials of the current user or any other user in an Active Directory. And because the EFSRPC methods authenticate as the machine dispatching the request, this means that a user of any system connected to an AD domain can trigger an NTLM authentication request as the domain controller machine account to an arbitrary host, without needing to know any credentials. This can allow for NTLM relay attacks. Furthermore, the `EfsRpcOpenFileRaw` function can be invoked in a truly anonymous manner, without requiring credentials via SSO or other means.\n\nOne publicly-discussed target for an NTLM relay attack from a domain controller is a machine that hosts [Microsoft AD CS](<https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority>). By relaying an NTLM authentication request from a domain controller to the Certificate Authority Web Enrollment or the Certificate Enrollment Web Service on an AD CS system, an attacker can obtain a certificate that can be used to obtain a Ticket Granting Ticket (TGT) from the domain controller. This attack, known as a \"Golden Ticket\" attack, can be used to fully compromise the entire Active Directory infrastructure.\n\nAlthough Microsoft refers to this entire attack chain as \"PetitPotam\" in [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>), it is important to realize that PetitPotam is simply the single PoC exploit used to invoke an NTLM authentication request by way of a `EfsRpcOpenFileRaw` request. It should be noted that:\n\n 1. There may be other techniques that may cause a Windows system to initiate a connection to an arbitrary host using privileged NTLM credentials.\n 2. There may be services other than AD CS that may be leveraged to use as a target for a relayed NTLM authentication request.\n\n### Impact\n\nBy making a crafted RPC request to a vulnerable Windows system, a remote attacker may be able to leverage the NTLM authentication information that is included in the request that is generated. In the case of AD CS, this can allow an attacker on any domain-joined system to be able to compromise the Active Directory.\n\n### Solution\n\n#### Apply an update\n\nThis issue is partially addressed in the [Microsoft update for CVE-2021-36942](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>). This update blocks the unauthenticated `EfsRpcOpenFileRaw` API call that is exposed through the LSARPC interface. Note that the EFSRPC interface for accessing `EfsRpcOpenFileRaw` is still reachable to authenticated users after installing this update. In addition, other EFSRPC functions that require authentication to exploit are still exposed to users via LSARPC after this update is installed. This required authentication may take place silently via SSO on domain-joined systems. Please see [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) for several additional workarounds that can help mitigate other techniques for relaying NTLM credentials using an AD CS server.\n\n#### Enable Extended Protection for Authentication (EPA) and Require SSL on AD CS systems\n\nPlease see [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) for more details about enabling EPA to help protect against this weakness. It is important to note:\n\n 1. In addition to configuring EPA through the IIS Manager GUI, the Certificate Enrollment Web Service (CES) also requires modifying the `web.config` file to successfully enable EPA.\n 2. The CES and the CertSrv applications **must** be configured to enable the **Require SSL** option for EPA protection to work. If **Require SSL** is not enabled, then any changes to the EPA settings will not have any effect.\n\n#### Disable incoming NTLM on AD CS servers\n\nThe stage of leveraging an AD CS server to achieve the ability to get a TGT can be mitigated by disabling incoming NTLM support on AD CS servers. To configure this GPO setting, go to: **Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options** and set **Network security: Restrict NTLM: Incoming NTLM traffic** to **Deny All Accounts** or **Deny All domain accounts**\n\nNote that the group policy may need to be refreshed on the AD CS server for this mitigation to take effect.\n\n#### Disable the NTLM provider in IIS\n\nFor both the \"Certificate Authority Web Enrollment\" (CES) service (`<CA_INFO>-CA_CES_Kerberos` in IIS Manager) and the \"Certificate Enrollment Web Service\" (`CertSrv` in IIS Manager) services:\n\n 1. Open IIS Manager\n 2. Select Sites -> Default Web Site (or another name if it was manually reconfigured) -> `*-CA_CES_Kerberos` and `CertSrv`\n 3. Select `Windows Authentication`\n 4. Click the `Providers...` link on the right side\n 5. Select `NTLM`\n 6. Click the `Remove` Button\n 7. Restart IIS from an Administrator CMD prompt: `iisreset /restart`\n\n#### Block [MS-ESFR] (EFSRPC) using RPC filters\n\nRPC filters can be used to block the (remote) EFSRPC functionality that PetitPotam uses. This can be done by blocking the [RPC interface UUIDs for EFSRPC](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/1baaad2f-7a84-4238-b113-f32827a39cd2>).\n\nFirst create a file called `block_efsr.txt` and place the following contents in it:\n \n \n rpc\n filter\n add rule layer=um actiontype=block\n add condition field=if_uuid matchtype=equal data=c681d488-d850-11d0-8c52-00c04fd90f7e\n add filter\n add rule layer=um actiontype=block\n add condition field=if_uuid matchtype=equal data=df1941c5-fe89-4e79-bf10-463657acf44d\n add filter\n quit\n \n\nThen import the filter using the following command from an elevated-privileged command prompt: \n`netsh -f block_efsr.txt`\n\nAlternatively, the above text block can be pasted into an interactive `netsh` session if you wish to avoid the use of a file to import the rules from.\n\nThe current filters can be viewed by running the following command: \n`netsh rpc filter show filter`.\n\nAll RPC filters can be removed using the following command: \n`netsh rpc filter delete filter filterkey=` \nThis will restore Windows to its default configuration of not having any RPC filters. If you have other RPC filters in place and wish to remove only the EFSRPC filters, you can specify the specific `filterKey` values that are reported by the `show filter` command listed above.\n\n#### Disable NTLM Authentication on your Windows domain controller\n\nInstructions for disabling NTLM authentication in your domain can be found in the article [Network security: Restrict NTLM: NTLM authentication in this domain](<https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain>).\n\nNote that existing logins may need to be terminated for this mitigation to take effect. Also note that disabling NTLM has been reported by some to be disruptive to expected network functionality. For this reason, please consider the other workarounds in this vulnerability note.\n\n### Acknowledgements\n\nThe PetitPotam aspect of this attack chain was publicly disclosed by topotam. The AD CS aspect was publicly disclosed by harmj0y (Will Schroeder) and tifkin_ (Lee Christensen).\n\nThis document was written by Will Dormann.\n\n### Vendor Information\n\n405600\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Microsoft Affected\n\nNotified: 2021-07-23 Updated: 2021-08-02\n\n**Statement Date: July 26, 2021**\n\n**CVE-2021-36942**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References\n\n * <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>\n * <https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>\n * <https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>\n * <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr>\n * <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8>\n * <https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority>\n * <https://msrc-blog.microsoft.com/2009/12/08/extended-protection-for-authentication/>\n * <https://github.com/topotam/PetitPotam>\n * <https://posts.specterops.io/certified-pre-owned-d95910965cd2>\n * <https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-36942 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-36942>) \n---|--- \n**Date Public:** | 2021-08-02 \n**Date First Published:** | 2021-08-02 \n**Date Last Updated: ** | 2021-10-05 12:12 UTC \n**Document Revision: ** | 14 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-08-02T00:00:00", "type": "cert", "title": "Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942"], "modified": "2021-10-05T12:12:00", "id": "VU:405600", "href": "https://www.kb.cert.org/vuls/id/405600", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "googleprojectzero": [{"lastseen": "2023-05-24T14:22:54", "description": "Posted by James Forshaw, Project Zero\n\nThis blog post is a summary of some research I've been doing into relaying Kerberos authentication in Windows domain environments. To keep this blog shorter I am going to assume you have a working knowledge of Windows network authentication, and specifically Kerberos and NTLM. For a quick primer on Kerberos see [this page](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/b4af186e-b2ff-43f9-b18e-eedb366abf13>) which is part of Microsoft's Kerberos extension documentation or you can always read [RFC4120](<https://www.rfc-editor.org/rfc/rfc4120.txt>).\n\n## Background\n\nWindows based enterprise networks rely on network authentication protocols, such as [NT Lan Manager (NTLM)](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4>) and Kerberos to implement single sign on. These protocols allow domain users to seamlessly connect to corporate resources without having to repeatedly enter their passwords. This works by the computer's Local Security Authority (LSA) process storing the user's credentials when the user first authenticates. The LSA can then reuse those credentials for network authentication without requiring user interaction.\n\nHowever, the convenience of not prompting the user for their credentials when performing network authentication has a downside. To be most useful, common clients for network protocols such as HTTP or SMB must automatically perform the authentication without user interaction otherwise it defeats the purpose of avoiding asking the user for their credentials. \n\nThis automatic authentication can be a problem if an attacker can trick a user into connecting to a server they control. The attacker could induce the user's network client to start an authentication process and use that information to authenticate to an unrelated service allowing the attacker to access that service's resources as the user. When the authentication protocol is captured and forwarded to another system in this way it's referred to as an Authentication Relay attack.\n\n[](<https://blogger.googleusercontent.com/img/a/AVvXsEjeIXhBwnBcGsUREqJ9YPAEyeTw99GDlcn_PmW7fyuxGGkop9HvtErkOKfvy6WXzeXZFfXdOR8C-StQgu3qPaE-t48EHnQ0xPbUgBDm3-jyO_dij-bFHf4Vw6v-ryL9D7FixnLa6I88bzvbkx-QNGx7Wxhc3GGWmJGa9Xbu1-HIZGM0SA1HQWcERC_y2w=s856>)\n\nAuthentication relay attacks using the NTLM protocol were [f](<https://web.archive.org/web/20030706050349/http://www.xfocus.net/articles/200305/smbrelay.html>)[irst published](<https://web.archive.org/web/20030706050349/http://www.xfocus.net/articles/200305/smbrelay.html>) all the way back in 2001 by Josh Buchbinder (Sir Dystic) of the Cult of the Dead Cow. However, even in 2021 NTLM relay attacks still represent a threat in default configurations of Windows domain networks. The most recent major abuse of NTLM relay was through the [Active Directory Certificate Services web enrollment service](<https://specterops.io/assets/resources/Certified_Pre-Owned.pdf>). This combined with the [PetitPotam](<https://github.com/topotam/PetitPotam>) technique to induce a Domain Controller to perform NTLM authentication allows for a Windows domain to be compromised by an unauthenticated attacker.\n\nOver the years Microsoft has made many efforts to mitigate authentication relay attacks. The best mitigations rely on the fact that the attacker does not have knowledge of the user's password or control over the authentication process. This includes signing and encryption (sealing) of network traffic using a session key which is protected by the user's password or channel binding as part of [Extended Protection for Authentication (EPA)](<https://msrc-blog.microsoft.com/2009/12/08/extended-protection-for-authentication/>) which prevents relay of authentication to a network protocol under TLS.\n\nAnother mitigation regularly proposed is to disable NTLM authentication either for particular services or network wide using [Group Policy](<https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain>). While this has potential compatibility issues, restricting authentication to only Kerberos should be more secure. That got me thinking, is disabling NTLM sufficient to eliminate authentication relay attacks on Windows domains?\n\n## Why are there no Kerberos Relay Attacks?\n\nThe obvious question is, if NTLM is disabled could you relay Kerberos authentication instead? Searching for Kerberos Relay attacks doesn't yield much public research that I could find. There is the [krbrelayx](<https://github.com/dirkjanm/krbrelayx>) tool written by [Dirk-jan](<https://twitter.com/_dirkjan>) which is similar in concept to the [ntlmrelayx](<https://github.com/SecureAuthCorp/impacket/tree/master/impacket/examples/ntlmrelayx>) tool in [impacket](<https://github.com/SecureAuthCorp/impacket>), a common tool for performing NTLM authentication relay attacks. However as the accompanying [blog post](<https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/>) makes clear this is a tool to abuse [unconstrained delegation](<https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-unconstrained-kerberos>) rather than relay the authentication. \n\nI did find a [recent presentation](<https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Sagi%20Sheinfeld%20Eyal%20Karni%20Yaron%20Zinar%20-%20Using%20Machine-in-the-Middle%20to%20Attack%20Active%20Directory%20Authentication%20Schemes.pdf>) by Sagi Sheinfeld, [Eyal Karni](<https://twitter.com/eyal_karni>), [Yaron Zinar](<https://twitter.com/YaronZi>) from Crowdstrike at Defcon 29 (and also coming up at Blackhat EU 2021) which relayed Kerberos authentication. The presentation discussed MitM network traffic to specific servers, then relaying the Kerberos authentication. A MitM attack relies on being able to spoof an existing server through some mechanism, which is a well known risk. The last line in the presentation is \"Microsoft Recommendation: Avoid being MITM\u2019d\u2026\" which seems a reasonable approach to take if possible.\n\nHowever a MitM attack is slightly different to the common NTLM relay attack scenario where you can induce a domain joined system to authenticate to a server an attacker controls and then forward that authentication to an unrelated service. NTLM is easy to relay as it wasn't designed to distinguish authentication to a particular service from any other. The only unique aspect was the server (and later client) challenge but that value wasn't specific to the service and so authentication for say SMB could be forwarded to HTTP and the victim service couldn't tell the difference. Subsequently EPA has been retrofitted onto NTLM to make the authentication specific to a service, but due to backwards compatibility these mitigations aren't always used.\n\nOn the other hand Kerberos has always required the target of the authentication to be specified beforehand through a principal name, typically this is a [Service Principal Name (SPN)](<https://docs.microsoft.com/en-us/windows/win32/ad/service-principal-names>) although in certain circumstances it can be a User Principal Name (UPN). The SPN is usually represented as a string of the form CLASS/INSTANCE:PORT/NAME, where CLASS is the class of service, such as HTTP or CIFS, INSTANCE is typically the DNS name of the server hosting the service and PORT and NAME are optional.\n\nThe SPN is used by the Kerberos Ticket Granting Server (TGS) to select the shared encryption key for a Kerberos service ticket generated for the authentication. This ticket contains the details of the authenticating user based on the contents of the Ticket Granting Ticket (TGT) that was requested during the user's initial Kerberos authentication process. The client can then package the service's ticket into an Authentication Protocol Request (AP_REQ) authentication token to send to the server.\n\nWithout knowledge of the shared encryption key the Kerberos service ticket can't be decrypted by the service and the authentication fails. Therefore if Kerberos authentication is attempted to an SMB service with the SPN CIFS/fileserver.domain.com, then that ticket shouldn't be usable if the relay target is a HTTP service with the SPN HTTP/fileserver.domain.com, as the shared key should be different.\n\nIn practice that's rarely the case in Windows domain networks. The Domain Controller associates the SPN with a user account, most commonly the computer account of the domain joined server and the key is derived from the account's password. The CIFS/fileserver.domain.com and HTTP/fileserver.domain.com SPNs would likely be assigned to the FILESERVER$ computer account, therefore the shared encryption key will be the same for both SPNs and in theory the authentication could be relayed from one service to the other. The receiving service could query for the authenticated SPN string from the authentication APIs and then compare it to its expected value, but this check is typically optional.\n\nThe selection of the SPN to use for the Kerberos authentication is typically defined by the target server's host name. In a relay attack the attacker's server will not be the same as the target. For example, the SMB connection might be targeting the attacker's server, and will assign the SPN CIFS/evil.com. Assuming this SPN is even registered it would in all probability have a different shared encryption key to the CIFS/fileserver.domain.com SPN due to the different computer accounts. Therefore relaying the authentication to the target SMB service will fail as the ticket can't be decrypted.\n\nThe requirement that the SPN is associated with the target service's shared encryption key is why I assume few consider Kerberos relay attacks to be a major risk, if not impossible. There's an assumption that an attacker cannot induce a client into generating a service ticket for an SPN which differs from the host the client is connecting to.\n\nHowever, there's nothing inherently stopping Kerberos authentication being relayed if the attacker can control the SPN. The only way to stop relayed Kerberos authentication is for the service to protect itself through the use of signing/sealing or channel binding which rely on the shared knowledge between the client and server, but crucially not the attacker relaying the authentication. However, even now these service protections aren't the default even on critical protocols such as LDAP.\n\nAs the only limit on basic Kerberos relay (in the absence of service protections) is the selection of the SPN, this research focuses on how common protocols select the SPN and whether it can be influenced by the attacker to achieve Kerberos authentication relay.\n\n## Kerberos Relay Requirements\n\nIt's easy to demonstrate in a controlled environment that Kerberos relay is possible. We can write a simple client which uses the [Security Support Provider Interface (SSPI)](<https://en.wikipedia.org/wiki/Security_Support_Provider_Interface>) APIs to communicate with the LSA and implement the network authentication. This client calls the [InitializeSecurityContext](<https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initializesecuritycontextw>) API which will generate an AP_REQ authentication token containing a Kerberos Service Ticket for an arbitrary SPN. This AP_REQ can be forwarded to an intermediate server and then relayed to the service the SPN represents. You'll find this will work, again to reiterate, assuming that no service protections are in place.\n\nHowever, there are some caveats in the way a client calls InitializeSecurityContext which will impact how useful the generated AP_REQ is even if the attacker can influence the SPN. If the client specifies any one of the following request flags, ISC_REQ_CONFIDENTIALITY, ISC_REQ_INTEGRITY, ISC_REQ_REPLAY_DETECT or ISC_REQ_SEQUENCE_DETECT then the generated AP_REQ will enable encryption and/or integrity checking. When the AP_REQ is received by the server using the [AcceptSecurityContext](<https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext>) API it will return a set of flags which indicate if the client enabled encryption or integrity checking. Some services use these [returned flags](<https://docs.microsoft.com/en-us/windows/win32/secauthn/context-requirements>) to opportunistically enable service protections. \n\nFor example LDAP's default setting is to enable signing/encryption if the client supports it. Therefore you shouldn't be able to relay Kerberos authentication to LDAP if the client enabled any of these protections. However, other services such as HTTP don't typically support signing and sealing and so will happily accept authentication tokens which specify the request flags.\n\nAnother caveat is the client could specify channel binding information, typically derived from the certificate used by the TLS channel used in the communication. The channel binding information can be controlled by the attacker, but not set to arbitrary values without a bug in the TLS implementation or the code which determines the channel binding information itself. \n\nWhile services have an option to only enable channel binding if it's supported by the client, all Windows Kerberos AP_REQ tokens indicate support through the [KERB_AP_OPTIONS_CBT](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/b15648e2-439a-4d04-b8a2-2f34c45690f9>) options flag in the authenticator. Sagi Sheinfeld et al did demonstrate (see slide 22 in [their presentation](<https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Sagi%20Sheinfeld%20Eyal%20Karni%20Yaron%20Zinar%20-%20Using%20Machine-in-the-Middle%20to%20Attack%20Active%20Directory%20Authentication%20Schemes.pdf>)) that if you can get the AP_REQ from a non-Windows source it will not set the options flag and so no channel binding is enforced, but that was apparently not something Microsoft will fix. It is also possible that a Windows client disables channel binding through a [registry configuration option](<https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/authentication-fails-non-windows-ntlm-kerberos-server>), although that seems to be unlikely in real world networks.\n\nIf the client specifies the ISC_REQ_MUTUAL_AUTH request flag when generating the initial AP_REQ it will enable mutual authentication between the client and server. The client expects to receive an Authentication Protocol Response (AP_REP) token from the server after sending the AP_REQ to prove it has possession of the shared encryption key. If the server doesn't return a valid AP_REP the client can assume it's a spoofed server and refuse to continue the communication. \n\nFrom a relay perspective, mutual authentication doesn't really matter as the server is the target of the relay attack, not the client. The target server will assume the authentication has completed once it's accepted the AP_REQ, so that's all the attacker needs to forward. While the server will generate the AP_REP and return it to the attacker they can just drop it unless they need the relayed client to continue to participate in the communication for some reason.\n\nOne final consideration is that the SSPI APIs have two security packages which can be used to implement Kerberos authentication, Negotiate and Kerberos. The Negotiate protocol wraps the AP_REQ (and other authentication tokens) in the [SPNEGO protocol](<https://datatracker.ietf.org/doc/html/rfc4178>) whereas Kerberos sends the authentication tokens using a simple GSS-API wrapper (see [RFC4121](<https://datatracker.ietf.org/doc/html/rfc4121>)). \n\nThe first potential issue is Negotiate is by far the most likely package in use as it allows a network protocol the flexibility to use the most appropriate authentication protocol that the client and server both support. However, what happens if the client uses the raw Kerberos package but the server uses Negotiate? \n\nThis isn't a problem as the server implementation of Negotiate will pass the input token to the function NegpDetermineTokenPackage in lsasrv.dll during the first call to AcceptSecurityContext. This function detects if the client has passed a GSS-API Kerberos token (or NTLM) and enables a pass through mode where Negotiate gets out of the way. Therefore even if the client uses the Kerberos package you can still authenticate to the server and keep the client happy without having to extract the inner authentication token or wrap up response tokens.\n\nOne actual issue for relaying is the Negotiate protocol enables integrity protection (equivalent to passing ISC_REQ_INTEGRITY to the underlying package) so that it can generate a Message Integrity Code (MIC) for the authentication exchange to prevent tampering. Using the Kerberos package directly won't add integrity protection automatically. Therefore relaying Kerberos AP_REQs from Negotiate will likely hit issues related to automatic enabling of signing on the server. It is possible for a client to explicitly disable automatic integrity checking by passing the ISC_REQ_NO_INTEGRITY request attribute, but that's not a common case.\n\nIt's possible to disable Negotiate from the relay if the client passes an arbitrary authentication token to the first call of the InitializeSecurityContext API. On the first call the Negotiate implementation will call the NegpDetermineTokenPackage function to determine whether to enable authentication pass through. If the initial token is NTLM or looks like a Kerberos token then it'll pass through directly to the underlying security package and it won't set ISC_REQ_INTEGRITY, unless the client explicitly requested it. The byte sequence [0x00, 0x01, 0x40] is sufficient to get Negotiate to detect Kerberos, and the token is then discarded so it doesn't have to contain any further valid data.\n\n## Sniffing and Proxying Traffic\n\nBefore going into individual protocols that I've researched, it's worth discussing some more obvious ways of getting access to Kerberos authentication targeted at other services. First is sniffing network traffic sent from client to the server. For example, if the Kerberos AP_REQ is sent to a service over an unencrypted network protocol and the attacker can view that traffic the AP_REQ could be extracted and relayed. The selection of the SPN will be based on the expected traffic so the attacker doesn't need to do anything to influence it.\n\nThe Kerberos authentication protocol has protections against this attack vector. The Kerberos AP_REQ doesn't just contain the service ticket, it's also accompanied by an Authenticator which is encrypted using the ticket's session key. This key is accessible by both the legitimate client and the service. The authenticator contains a timestamp of when it was generated, and the service can check if this authenticator is within an allowable time range and whether it has seen the timestamp already. This allows the service to reject replayed authenticators by caching recently received values, and the allowable time window prevents the attacker waiting for any cache to expire before replaying.\n\nWhat this means is that while an attacker could sniff the Kerberos authentication on the wire and relay it, if the service has already received the authenticator it would be rejected as being a replay. The only way to exploit it would be to somehow prevent the legitimate authentication request from reaching the service, or race the request so that the attacker's packet is processed first.\n\nNote, [RFC4120](<https://datatracker.ietf.org/doc/html/rfc4120#section-3.2.3>) mentions the possibility of embedding the client's network address in the authenticator so that the service could reject authentication coming from the wrong host. This isn't used by the Windows Kerberos implementation as far as I can tell. No doubt it would cause too many false positives for the replay protection in anything but the simplest enterprise networks.\n\nTherefore the only reliable way to exploit this scenario would be to actively interpose on the network communications between the client and service. This is of course practical and has been demonstrated many times assuming the traffic isn't protected using something like TLS with server verification. Various attacks would be possible such as ARP or DNS spoofing attacks or HTTP proxy redirection to perform the interposition of the traffic.\n\nHowever, active MitM of protocols is a known risk and therefore an enterprise might have technical defenses in place to mitigate the issue. Of course, if such enterprises have enabled all the recommended relay protections,it's a moot point. Regardless, we'll assume that MitM is impractical for existing services due to protections in place and consider how individual protocols handle SPN selection.\n\n## IPSec and AuthIP\n\nMy research into Kerberos authentication relay came about in part because I was looking into the implementation of IPSec on Windows as part of my firewall research. Specifically I was researching the [AuthIP ISAKMP](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-aips/eee3de64-3847-4451-978e-9513ff187d30>) which allows for Windows authentication protocols to be used to establish IPsec Security Associations. \n\nI noticed that the AuthIP protocol has a [GSS-ID payload](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-aips/9ab1ccc0-d92e-4ca4-bae9-1c93871399ac>) which can be sent from the server to the client. This payload contains the textual SPN to use for the Kerberos authentication during the AuthIP process. This SPN is passed verbatim to the SSPI InitializeSecurityContext call by the AuthIP client.\n\nAs no verification is done on the format of the SPN in the GSS-ID payload, it allows the attacker to fully control the values including the service class and instance name. Therefore if an attacker can induce a domain joined machine to connect to an attacker controlled service and negotiate AuthIP then a Kerberos AP_REQ for an arbitrary SPN can be captured for relay use. As this AP_REQ is never sent to the target of the SPN it will not be detected as a replay.\n\nInducing authentication isn't necessarily difficult. Any IP traffic which is covered by the domain [configured security connection rules](<https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption>) will attempt to perform AuthIP. For example it's possible that a UDP response for a DNS request from the domain controller might be sufficient. AuthIP supports two authenticated users, the machine and the calling user. By default it seems the machine authenticates first, so if you convinced a Domain Controller to authenticate you'd get the DC computer account which could be fairly exploitable.\n\nFor interest's sake, the SPN is also used to determine the computer account associated with the server. This computer account is then used with [Service For User (S4U)](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/3bff5864-8135-400e-bdd9-33b552051d94>) to generate a local access token allowing the client to determine the identity of the server. However I don't think this is that useful as the fake server can't complete the authentication and the connection will be discarded.\n\nThe security connection rules use IP address ranges to determine what hosts need IPsec authentication. If these address ranges are too broad it's also possible that ISAKMP AuthIP traffic might leak to external networks. For example if the rules don't limit the network ranges to the enterprise's addresses, then even a connection out to a public service could be accompanied by the ISAKMP AuthIP packet. This can be then exploited by an attacker who is not co-located on the enterprise network just by getting a client to connect to their server, such as through a web URL.\n\n[](<https://blogger.googleusercontent.com/img/a/AVvXsEiDuaDAyi9I9zQlGa5gBZnE1I_KIMDq-jtVM1kni1B7whSMYuGvC2xaQA75T9cjmVkuBzkHxQxWbN3hiEWaEeJ-Ci1aGxReamFMy83glKslnxT_evjrIy7SZl-yMvg3OgdamPqIttMyXw7kzSKjnbyny3qcrUSQFANJCH55j_FaeOaFFnsROkTr8ABomw=s835>)\n\nTo summarize the attack process from the diagram:\n\n 1. Induce a client computer to send some network traffic to EVILHOST. It doesn't really matter what the traffic is, only that the IP address, type and port must match an IP security connection rule to use AuthIP. EVILHOST does not need to be domain joined to perform the attack.\n 2. The network traffic will get the Windows IPsec client to try and establish a security association with the target host.\n 3. A fake AuthIP server on the target host receives the request to establish a security association and returns a GSS-ID payload. This payload contains the target SPN, for example CIFS/FILESERVER.\n 4. The IPsec client uses the SPN to create an AP_REQ token and sends it to EVILHOST.\n 5. EVILHOST relays the Kerberos AP_REQ to the target service on FILESERVER.\n\nRelaying this AuthIP authentication isn't ideal from an attacker's perspective. As the authentication will be used to sign and seal the network traffic, the request context flags for the call to InitializeSecurityContext will require integrity and confidentiality protection. For network protocols such as LDAP which default to requiring signing and sealing if the client supports it, this would prevent the relay attack from working. However if the service ignores the protection and doesn't have any further checks in place this would be sufficient. \n\nThis issue was [reported to MSRC](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2213>) and assigned case number 66900. However Microsoft have indicated that it will not be fixed with a security bulletin. I've described Microsoft's rationale for not fixing this issue later in the blog post. If you want to reproduce this issue there's details on Project Zero's [issue tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2213>).\n\n## MSRPC\n\nAfter discovering that AuthIP could allow for authentication relay the next protocol I looked at is [MSRPC](<https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-start-page>). The protocol supports NTLM, Kerberos or Negotiate authentication protocols over connected network transports such as named pipes or TCP. These authentication protocols need to be opted into by the server using the [RpcServerRegisterAuthInfo](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcserverregisterauthinfo>) API by specifying the authentication service constants of RPC_C_AUTHN_WINNT, RPC_C_AUTHN_GSS_KERBEROS or RPC_C_AUTHN_GSS_NEGOTIATE respectively. When registering the authentication information the server can optionally specify the SPN that needs to be used by the client.\n\nHowever, this SPN isn't actually used by the RPC server itself. Instead it's registered with the runtime, and a client can query the server's SPN using the [RpcMgmtInqServerPrincName ](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcmgmtinqserverprincname>)management API. Once the SPN is queried the client can configure its authentication for the connection using the [RpcBindingSetAuthInfo](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcbindingsetauthinfo>) API. However, this isn't required; the client could just generate the SPN manually and set it. If the client doesn't call RpcBindingSetAuthInfo then it will not perform any authentication on the RPC connection.\n\nAside, curiously when a connection is made to the server it can query the client's authentication information using the [RpcBindingInqAuthClient](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcbindinginqauthclient>) API. However, the SPN that this API returns is the one registered by RpcServerRegisterAuthInfo and NOT the one which was used by the client to authenticate. Also Microsoft does mention the call to RpcMgmtInqServerPrincName in the \"[Writing a secure RPC client or server](<https://docs.microsoft.com/en-us/windows/win32/rpc/choosing-security-qos-options>)\" section on MSDN. However they frame it in the context of mutual authentication and not to protect against a relay attack.\n\nIf a client queries for the SPN from a malicious RPC server it will authenticate using a Kerberos AP_REQ for an SPN fully under the attacker's control. Whether the AP_REQ has integrity or confidentiality enabled depends on the authentication level set during the call to RpcBindingSetAuthInfo. If this is set to RPC_C_AUTHN_LEVEL_CONNECT and the client uses RPC_C_AUTHN_GSS_KERBEROS then the AP_REQ won't have integrity enabled. However, if Negotiate is used or anything above RPC_C_AUTHN_LEVEL_CONNECT as a level is used then it will have the integrity/confidentiality flags set.\n\nDoing a quick scan in system32 the following DLLs call the RpcMgmtInqServerPrincName API: certcli.dll, dot3api.dll, dusmsvc.dll, FrameServerClient.dll, L2SecHC.dll, luiapi.dll, msdtcprx.dll, nlaapi.dll, ntfrsapi.dll, w32time.dll, WcnApi.dll, WcnEapAuthProxy.dll, WcnEapPeerProxy.dll, witnesswmiv2provider.dll, wlanapi.dll, wlanext.exe, WLanHC.dll, wlanmsm.dll, wlansvc.dll, wwansvc.dll, wwapi.dll. Some basic analysis shows that none of these clients check the value of the SPN and use it verbatim with RpcBindingSetAuthInfo. That said, they all seem to use RPC_C_AUTHN_GSS_NEGOTIATE and set the authentication level to RPC_C_AUTHN_LEVEL_PKT_PRIVACY which makes them less useful as an attack vector.\n\nIf the client specifies RPC_C_AUTHN_GSS_NEGOTIATE but does not specify an SPN then the runtime generates one automatically. This is based on the target hostname with the RestrictedKrbHost service class. The runtime doesn't process the hostname, it just concatenates strings and for some reason the runtime doesn't support generating the SPN for RPC_C_AUTHN_GSS_KERBEROS.\n\nOne additional quirk of the RPC runtime is that the request attribute flag ISC_REQ_USE_DCE_STYLE is used when calling InitializeSecurityContext. This enables a [special three-leg authentication mode](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/190ab8de-dc42-49cf-bf1b-ea5705b7a087>) which results in the server sending back an AP_RET and then receiving another AP_RET from the client. Until that third AP_RET has been provided to the server it won't consider the authentication complete so it's not sufficient to just forward the initial AP_REQ token and close the connection to the client. This just makes the relay code slightly more complex but not impossible.\n\nA second change that ISC_REQ_USE_DCE_STYLE introduces is that the Kerberos AP_REQ token does not have an GSS-API wrapper. This causes the call to NegpDetermineTokenPackage to fail to detect the package in use, making it impossible to directly forward the traffic to a server using the Negotiate package. However, this prefix is not protected against modification so the relay code can append the appropriate value before forwarding to the server. For example the following C# code can be used to convert a DCE style AP_REQ to a GSS-API format which Negotiate will accept.\n\npublic static byte[] EncodeLength(int length)\n\n{\n\nif (length < 0x80)\n\nreturn new byte[] { (byte)length };\n\nif (length < 0x100)\n\nreturn new byte[] { 0x81, (byte)length };\n\nif (length < 0x10000)\n\nreturn new byte[] { 0x82, (byte)(length >> 8), \n\n(byte)(length & 0xFF) };\n\nthrow new ArgumentException(\"Invalid length\", nameof(length));\n\n}\n\npublic static byte[] ConvertApReq(byte[] token)\n\n{\n\nif (token.Length == 0 || token[0] != 0x6E)\n\nreturn token;\n\nMemoryStream stm = new MemoryStream();\n\nBinaryWriter writer = new BinaryWriter(stm);\n\nConsole.WriteLine(\"Converting DCE AP_REQ to GSS-API format.\");\n\nbyte[] header = new byte[] { 0x06, 0x09, 0x2a, 0x86, 0x48, \n\n0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, 0x01, 0x00 };\n\nwriter.Write((byte)0x60);\n\nwriter.Write(EncodeLength(header.Length + token.Length));\n\nwriter.Write(header);\n\nwriter.Write(token);\n\nreturn stm.ToArray();\n\n} \n \n--- \n \nSubsequent tokens in the authentication process don't need to be wrapped; in fact, wrapping them with their GSS-API headers will cause the authentication to fail. Relaying MSRPC requests would probably be difficult just due to the relative lack of clients which request the server's SPN. Also when the SPN is requested it tends to be a conscious act of securing the client and so best practice tends to require the developer to set the maximum authentication level, making the Kerberos AP_REQ less useful.\n\n## DCOM\n\nThe DCOM protocol uses MSRPC under the hood to access remote COM objects, therefore it should have the same behavior as MSRPC. The big difference is DCOM is designed to automatically handle the authentication requirements of a remote COM object through binding information contained in the [DUALSTRINGARRAY](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/7fe8200b-dccd-48cf-a2fa-681e3e0a23f4>) returned during Object Exporter ID (OXID) resolving. Therefore the client doesn't need to explicitly call RpcBindingSetAuthInfo to configure the authentication.\n\nThe binding information contains the protocol sequence and endpoint to use (such as TCP on port 30000) as well as the security bindings. Each security binding contains the RPC authentication service (wAuthnSvc in the below screenshot) to use as well as an optional SPN (aPrincName) for the authentication. Therefore a malicious DCOM server can force the client to use the RPC_C_AUTHN_GSS_KERBEROS authentication service with a completely arbitrary SPN by returning an appropriate security binding.\n\n[](<https://blogger.googleusercontent.com/img/a/AVvXsEiN78ReCzU5wVJ3qCozRJ2MSkKX4-Bm_S0zDSU2TNs6BrYoBffMIr7WZuL4AiNiO8rbVWrTkdGwjp6S2yyQptBIh82kWiKNOU-ziSntZpjGETP1TfIvXYzKFQyyW9C_qMEyoM3c1-7tdoqNLWxh2RYuq1pgbBFAtUCTjyQZzrU1h7mOxFnAl2l1PQBEuw=s1372>)\n\nThe authentication level chosen by the client depends on the value of the dwAuthnLevel parameter specified if the COM client calls the [CoInitializeSecurity](<https://docs.microsoft.com/en-us/windows/win32/api/combaseapi/nf-combaseapi-coinitializesecurity>) API. If the client doesn't explicitly call CoInitializeSecurity then a default will be used which is currently RPC_C_AUTHN_LEVEL_CONNECT. This means neither integrity or confidentiality will be enforced on the Kerberos AP_REQ by default.\n\nOne limitation is that without a call to CoInitializeSecurity, the default impersonation level for the client is set to RPC_C_IMP_LEVEL_IDENTIFY. This means the access token generated by the DCOM RPC authentication can only be used for identification and not for impersonation. For some services this isn't an issue, for example LDAP doesn't need an impersonation level token. However for others such as SMB this would prevent access to files. It's possible that you could find a COM client which sets both RPC_C_AUTHN_LEVEL_CONNECT and RPC_C_IMP_LEVEL_IMPERSONATE though there's no trivial process to assess that.\n\nGetting a client to connect to the server isn't trivial as DCOM isn't a widely used protocol on modern Windows networks due to high authentication requirements. However, one use case for this is local privilege escalation. For example you could get a privileged service to connect to the malicious COM server and relay the computer account Kerberos AP_REQ which is generated. I have a working PoC for this which allows a local non-admin user to connect to the domain's LDAP server using the local computer's credentials. \n\nThis attack is somewhat similar to the [RemotePotato](<https://github.com/antonioCoco/RemotePotato0>) attack (which uses NTLM rather than Kerberos) which again Microsoft have refused to fix. I'll describe this in more detail in a separate blog post after this one.\n\n## HTTP\n\nHTTP has supported NTLM and Negotiate authentication for a long time (see [this draft](<https://datatracker.ietf.org/doc/html/draft-brezak-spnego-http-04>) from 2002 although the most recent RFC is [4559](<https://datatracker.ietf.org/doc/html/rfc4559>) from 2006). To initiate a Windows authentication session the server can respond to a request with the status code 401 and specify a WWW-Authenticate header with the value Negotiate. If the client supports
Critical Vulnerabilities revealed in Microsoft’s Patch Tuesday
