{"cve": [{"lastseen": "2022-03-23T19:00:46", "description": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38669", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38669"], "modified": "2021-09-28T15:51:00", "cpe": [], "id": "CVE-2021-38669", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38669", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "cnvd": [{"lastseen": "2022-08-30T03:51:35", "description": "Microsoft Edge is a web browser that comes with versions of Windows 10 onwards. Microsoft Edge (Chromium-based) is vulnerable to tampering, and no details of the vulnerability are available.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-13T00:00:00", "type": "cnvd", "title": "Microsoft Edge (Chromium-based)\u7be1\u6539\u6f0f\u6d1e", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38669"], "modified": "2022-08-29T00:00:00", "id": "CNVD-2022-60129", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-60129", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-12-22T23:07:36", "description": "### *Detect date*:\n09/09/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA tampering vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to spoof user interface.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38669](<https://nvd.nist.gov/vuln/detail/CVE-2021-38669>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-09T00:00:00", "type": "kaspersky", "title": "KLA12279 SUI vulnerability in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38669"], "modified": "2021-09-14T00:00:00", "id": "KLA12279", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12279/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-13T14:50:18", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected by a vulnerability as referenced in the September 9, 2021 advisory.\n\n - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38669"], "modified": "2021-11-16T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_93_0_961_44.NASL", "href": "https://www.tenable.com/plugins/nessus/153368", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153368);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/16\");\n\n script_cve_id(\"CVE-2021-38669\");\n script_xref(name:\"IAVA\", value:\"2021-A-0432-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected\nby a vulnerability as referenced in the September 9, 2021 advisory.\n\n - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-9-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b26fe9e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38669\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 93.0.961.44 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '93.0.961.44' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2021-09-26T09:00:50", "description": "\n\nMicrosoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here\u2019s three big things you can go patch right now.\n\n### MSHTML Remote Code Execution 0-day ([CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>))\n\nThe hot topic this month is the most recent remote code execution 0-day vulnerability in MSHTML. When it was first discovered it was only being used in a limited number of attacks, however this quickly changed once instructions for exploiting the vulnerability were published online. This vulnerability was severe enough to warrant publishing patches for older operating systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008. Now that updates have been published for this vulnerability they should be applied as soon as possible.\n\n### Windows DNS Local Elevation of Privilege ([CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>))\n\nThis is the second publicly disclosed vulnerability updated this month. While the details surrounding this CVE are sparse, we do know that Microsoft has not detected exploitation in the wild. \n\n### Updates to PrintNightmare ([CVE-2021-1678](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1678>))\n\nMicrosoft has made additional patches available for older operating systems. If you were previously unable to patch against this vulnerability you may want to review this new information.\n\n## Summary Graphs\n\n\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647>) | Open Management Infrastructure Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-38645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2021-40448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40448>) | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | No | No | 6.3 | Yes \n[CVE-2021-36956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36956>) | Azure Sphere Information Disclosure Vulnerability | No | No | 4.4 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38642>) | Microsoft Edge for iOS Spoofing Vulnerability | No | No | 6.1 | No \n[CVE-2021-38641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38641>) | Microsoft Edge for Android Spoofing Vulnerability | No | No | 6.1 | No \n[CVE-2021-26439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26439>) | Microsoft Edge for Android Information Disclosure Vulnerability | No | No | 4.6 | No \n[CVE-2021-38669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38669>) | Microsoft Edge (Chromium-based) Tampering Vulnerability | No | No | 6.4 | Yes \n[CVE-2021-26436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26436>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 6.1 | No \n[CVE-2021-36930](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36930>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 5.3 | No \n[CVE-2021-30632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30632>) | Chromium: CVE-2021-30632 Out of bounds write in V8 | No | No | | Yes \n[CVE-2021-30624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30624>) | Chromium: CVE-2021-30624 Use after free in Autofill | No | No | | Yes \n[CVE-2021-30623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30623>) | Chromium: CVE-2021-30623 Use after free in Bookmarks | No | No | | Yes \n[CVE-2021-30622](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30622>) | Chromium: CVE-2021-30622 Use after free in WebApp Installs | No | No | | Yes \n[CVE-2021-30621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30621>) | Chromium: CVE-2021-30621 UI Spoofing in Autofill | No | No | | Yes \n[CVE-2021-30620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30620>) | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | No | No | | Yes \n[CVE-2021-30619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30619>) | Chromium: CVE-2021-30619 UI Spoofing in Autofill | No | No | | Yes \n[CVE-2021-30618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30618>) | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | No | No | | Yes \n[CVE-2021-30617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617>) | Chromium: CVE-2021-30617 Policy bypass in Blink | No | No | | Yes \n[CVE-2021-30616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30616>) | Chromium: CVE-2021-30616 Use after free in Media | No | No | | Yes \n[CVE-2021-30615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30615>) | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | No | No | | Yes \n[CVE-2021-30614](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30614>) | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | No | No | | Yes \n[CVE-2021-30613](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30613>) | Chromium: CVE-2021-30613 Use after free in Base internals | No | No | | Yes \n[CVE-2021-30612](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30612>) | Chromium: CVE-2021-30612 Use after free in WebRTC | No | No | | Yes \n[CVE-2021-30611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30611>) | Chromium: CVE-2021-30611 Use after free in WebRTC | No | No | | Yes \n[CVE-2021-30610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30610>) | Chromium: CVE-2021-30610 Use after free in Extensions API | No | No | | Yes \n[CVE-2021-30609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30609>) | Chromium: CVE-2021-30609 Use after free in Sign-In | No | No | | Yes \n[CVE-2021-30608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30608>) | Chromium: CVE-2021-30608 Use after free in Web Share | No | No | | Yes \n[CVE-2021-30607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30607>) | Chromium: CVE-2021-30607 Use after free in Permissions | No | No | | Yes \n[CVE-2021-30606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30606>) | Chromium: CVE-2021-30606 Use after free in Blink | No | No | | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952>) | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-26434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434>) | Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26437>) | Visual Studio Code Spoofing Vulnerability | No | No | 5.5 | No \n \n## ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38625>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38626>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36968>) | Windows DNS Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-40440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 5.4 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38656>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-38652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-38653](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38653>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-38654](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38654>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38650>) | Microsoft Office Spoofing Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-38659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38659>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38660>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38657>) | Microsoft Office Graphics Component Information Disclosure Vulnerability | No | No | 6.1 | Yes \n[CVE-2021-38646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38646>) | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36967>) | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | No | No | 8 | No \n[CVE-2021-36966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36966>) | Windows Subsystem for Linux Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38637>) | Windows Storage Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36972>) | Windows SMB Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36974>) | Windows SMB Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36973>) | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38624>) | Windows Key Storage Provider Security Feature Bypass Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-36954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36954>) | Windows Bind Filter Driver Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-36975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36975>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38634>) | Microsoft Windows Update Client Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-38644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38644>) | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38661>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38632>) | BitLocker Security Feature Bypass Vulnerability | No | No | 5.7 | Yes \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36965>) | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-26435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26435>) | Windows Scripting Engine Memory Corruption Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-36960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36960>) | Windows SMB Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36969>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38635>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38636>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38667](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38667>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38671>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-40447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40447>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36962>) | Windows Installer Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36961>) | Windows Installer Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-36964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36964>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38630>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36963>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38633>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36959>) | Windows Authenticode Spoofing Vulnerability | No | No | 5.5 | No \n[CVE-2021-38629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38629>) | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-38628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38628>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38638](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38638>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38639>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>) | Microsoft MSHTML Remote Code Execution Vulnerability | Yes | Yes | 8.8 | Yes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-15T03:44:31", "type": "rapid7blog", "title": "Patch Tuesday - September 2021", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1678", "CVE-2021-26434", "CVE-2021-26435", "CVE-2021-26436", "CVE-2021-26437", "CVE-2021-26439", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30632", "CVE-2021-36930", "CVE-2021-36952", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36956", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38641", "CVE-2021-38642", "CVE-2021-38644", "CVE-2021-38645", "CVE-2021-38646", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38669", "CVE-2021-38671", "CVE-2021-40440", "CVE-2021-40444", "CVE-2021-40447", "CVE-2021-40448"], "modified": "2021-09-15T03:44:31", "id": "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "href": "https://blog.rapid7.com/2021/09/15/patch-tuesday-september-2021/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
Microsoft Edge (Chromium-based) Tampering Vulnerability
