KLA12167 Multiple vulnerabilities in Microsoft Products (ESU)

Detect date:

05/11/2021

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Windows Server, version 1909 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11
Windows 10 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 8.1 for 32-bit systems
Internet Explorer 9
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Microsoft Office 2013 RT Service Pack 1
Windows 10 Version 2004 for x64-based Systems
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1909 for x64-based Systems
Windows Server 2012
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows RT 8.1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for 32-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Windows Server 2019
Microsoft Office 2019 for 64-bit editions
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Windows 10 Version 2004 for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1803 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 8.1 for x64-based systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-28476
CVE-2021-31188
CVE-2021-31186
CVE-2020-24588
CVE-2021-31184
CVE-2021-31182
CVE-2020-26144
CVE-2021-31193
CVE-2021-28455
CVE-2021-31194
CVE-2020-24587
CVE-2021-26419

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2021-284769.9Critical
CVE-2021-311887.8Critical
CVE-2021-311867.4High
CVE-2020-245883.5Warning
CVE-2021-311845.5High
CVE-2021-311827.1High
CVE-2020-261446.5High
CVE-2021-311937.8Critical
CVE-2021-284558.8Critical
CVE-2021-311948.8Critical
CVE-2020-245872.6Warning
CVE-2021-264197.5Critical

Microsoft official advisories:

KB list:

5003228
5003233
5003210
5003165
5003225