DATABASE RESOURCES PRICING ABOUT US

{"id": "KB5000841", "vendorId": null, "type": "mskb", "bulletinFamily": "microsoft", "title": "March 9, 2021\u2014KB5000841 (Monthly Rollup)", "description": "None\n**Important: **Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important: **For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601347](<https://support.microsoft.com/help/4601347>) (released February 9, 2021) and addresses the following issues: \n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website. \n\n## Known issues in this update\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001639. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000841>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000841](<https://download.microsoft.com/download/a/9/4/a94093b0-8c1e-47e5-80cc-fa4164b21087/5000841.csv>).\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5000841", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "immutableFields": [], "lastseen": "2023-03-15T10:41:18", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2022-1642"]}, {"type": "attackerkb", "idList": ["AKB:D354FE9E-B72A-4328-93DD-28578E160D9B"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "cve", "idList": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26878"]}, {"type": "kaspersky", "idList": ["KLA12003", "KLA12004", "KLA12111", "KLA12112"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17049", "MS:CVE-2021-1640", "MS:CVE-2021-26878"]}, {"type": "mskb", "idList": ["KB4586781", "KB4586786", "KB4586793", "KB4586808", "KB4586823", "KB4586830", "KB4586834", "KB4586845", "KB4598243", "KB4598278", "KB4598279", "KB4598285", "KB4598288", "KB5000802", "KB5000803", "KB5000807", "KB5000808", "KB5000809", "KB5000822", "KB5000840", "KB5000844", "KB5000847", "KB5000848", "KB5000851", "KB5000853", "KB5000856", "KB5001330", "KB5001337", "KB5001342", "KB5001347", "KB5004237", "KB5004238", "KB5004244", "KB5004285", "KB5004289", "KB5004294", "KB5004298", "KB5004299", "KB5004302", "KB5004305", "KB5004307", "KB5014677"]}, {"type": "msrc", "idList": ["MSRC:452B42E4ACDA83C55869411B3D90A2B6"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-213.NASL", "ALA_ALAS-2022-1642.NASL", "SMB_NT_MS20_NOV_4586793.NASL", "SMB_NT_MS20_NOV_4586830.NASL", "SMB_NT_MS20_NOV_4586834.NASL", "SMB_NT_MS20_NOV_4586845.NASL", "SMB_NT_MS21_MAR_5000802.NASL", "SMB_NT_MS21_MAR_5000803.NASL", "SMB_NT_MS21_MAR_5000807.NASL", "SMB_NT_MS21_MAR_5000808.NASL", "SMB_NT_MS21_MAR_5000809.NASL", "SMB_NT_MS21_MAR_5000822.NASL", "SMB_NT_MS21_MAR_5000841.NASL", "SMB_NT_MS21_MAR_5000844.NASL", "SMB_NT_MS21_MAR_5000847.NASL", "SMB_NT_MS21_MAR_5000848.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-17049"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3647-1"]}, {"type": "zdi", "idList": ["ZDI-21-493"]}]}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:D354FE9E-B72A-4328-93DD-28578E160D9B"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "cve", "idList": ["CVE-2020-17049", "CVE-2021-1640"]}, {"type": "kaspersky", "idList": ["KLA12004"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17049", "MS:CVE-2021-1640"]}, {"type": "mskb", "idList": ["KB4570673", "KB4575903"]}, {"type": "nessus", "idList": ["MICROSOFT_OFFICE_UNSUPPORTED.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-17049"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3647-1"]}, {"type": "zdi", "idList": ["ZDI-21-493"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-17049", "epss": "0.320390000", "percentile": "0.963010000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1640", "epss": "0.000460000", "percentile": "0.127700000", "modified": "2023-03-17"}], "vulnersScore": -0.0}, "_state": {"dependencies": 1678877000, "score": 1678876936, "epss": 1679098904}, "_internal": {"score_hash": "8857aab25c0b8cbdf2c17254c1384bfc"}, "kb": "KB5000841", "msrc": "", "mscve": "CVE-2021-1640", "msplatform": "", "msfamily": "ESU", "msimpact": "Elevation of Privilege", "msseverity": "Important", "superseeds": ["KB956802", "KB2588516", "KB3184471", "KB4012864", "KB2360937", "KB948590", "KB4025341", "KB2660465", "KB969805", "KB3065822", "KB3124275", "KB4474419", "KB3077657", "KB3003743", "KB4525235", "KB2772930", "KB4540688", "KB3072630", "KB4338818", "KB2779562", "KB2930275", "KB4074598", "KB2850851", "KB2585542", "KB4468323", "KB2778344", "KB2926765", "KB2158563", "KB3069392", "KB3088195", "KB4284826", "KB3170377", "KB2849470", "KB956841", "KB3050514", "KB4493472", "KB3124000", "KB4339284", "KB2868623", "KB2536275", "KB2778930", "KB978251", "KB3121212", "KB3013455", "KB4056894", "KB2879017", "KB938464", "KB2859537", "KB3101746", "KB3046306", "KB3164033", "KB3070102", "KB4512506", "KB2544893", "KB3045999", "KB3161664", "KB981852", "KB2779030", "KB3170455", "KB3068457", "KB4565524", "KB4550964", "KB3039066", "KB3148198", "KB3062577", "KB2659262", "KB3046049", "KB2079403", "KB2719985", "KB981550", "KB4467107", "KB3104002", "KB3203884", "KB4556836", "KB2508429", "KB935839", "KB957095", "KB3109094", "KB982802", "KB3087038", "KB4507449", "KB2707511", "KB3087039", "KB2479628", "KB3108670", "KB949014", "KB2829361", "KB4489878", "KB3160005", "KB3156019", "KB3146963", "KB2506223", "KB3034344", "KB2916036", "KB2592799", "KB3100465", "KB3033929", "KB4019264", "KB4049068", "KB3126593", "KB3011780", "KB2893984", "KB3003381", "KB2835361", "KB3035131", "KB2845690", "KB3177186", "KB4015193", "KB3162835", "KB921398", "KB2655992", "KB3100773", "KB4524157", "KB2987107", "KB3212642", "KB3185330", "KB2567053", "KB2839229", "KB3035132", "KB951072", "KB3207752", "KB933729", "KB3069762", "KB2799494", "KB3145739", "KB3076895", "KB4041681", "KB2621146", "KB3081320", "KB2601626", "KB3121918", "KB938829", "KB3167679", "KB2718523", "KB954211", "KB3168965", "KB955069", "KB3061518", "KB3161561", "KB4480970", "KB2922229", "KB969947", "KB3049563", "KB2909212", "KB3097877", "KB4516065", "KB3149090", "KB2485376", "KB2645640", "KB4486563", "KB4130978", "KB2992611", "KB3177723", "KB957097", "KB3124280", "KB2973351", "KB914389", "KB4561643", "KB2756822", "KB3123479", "KB3021674", "KB893086", "KB973037", "KB4038777", "KB3148851", "KB3185319", "KB2712808", "KB4088875, 4100480", "KB3134214", "KB2883150", "KB3126446", "KB923414", "KB3087135", "KB936021", "KB4088875", "KB2525694", "KB2808735", "KB4457144", "KB2688338", "KB3078601", "KB3212646", "KB3124001", "KB2503665", "KB2976897", "KB3003057", "KB2511455", "KB2813170", "KB4534310", "KB2868626", "KB977165", "KB3182203", "KB2507618", "KB931784", "KB3072595", "KB4020322", "KB3140410", "KB2876315", "KB3153171", "KB981793", "KB979683", "KB2839894", "KB3139852", "KB2556532", "KB3000061", "KB2834886", "KB3067904", "KB2676562", "KB982214", "KB4530734", "KB3032323", "KB980232", "KB979559", "KB3164035", "KB3046482", "KB3170106", "KB2918614", "KB2761226", "KB3177725", "KB943484", "KB920958", "KB2731847", "KB3093983", "KB3153731", "KB2296199", "KB955839", "KB2207566", "KB3140735", "KB2691442", "KB958690", "KB2286198", "KB2724197", "KB4499164", "KB3057839", "KB2855844", "KB938127", "KB2757638", "KB3146706", "KB3023562", "KB3058515", "KB3078071", "KB979306", "KB960225", "KB2813345", "KB4537820", "KB2279986", "KB3134814", "KB2478971", "KB3006226", "KB2536276", "KB4601347", "KB4580345", "KB4048957", "KB3075220", "KB3130896", "KB4093753", "KB3154070", "KB3175024", "KB4462923", "KB3139929", "KB2876284", "KB3175443", "KB4051956", "KB2393802", "KB4577051", "KB3080446", "KB970653", "KB3063858", "KB3139940", "KB4598279", "KB3205394", "KB2436673", "KB4012215", "KB981957", "KB4054518", "KB4519976", "KB3101246", "KB4093118", "KB943055", "KB2863058", "KB3192321", "KB2973201", "KB3073921", "KB958687", "KB970238", "KB3045171", "KB4592471", "KB929969", "KB2753842", "KB933360", "KB980436", "KB2633952", "KB3197868", "KB2641653", "KB2503658", "KB2876217", "KB3108669", "KB958869", "KB3033395", "KB2993958", "KB2476490", "KB3072633", "KB3038314", "KB2939576", "KB3029944", "KB4034664", "KB3153199", "KB942763", "KB2160329", "KB4103718", "KB3126041", "KB3156017", "KB2993651", "KB943460", "KB917159", "KB971468", "KB2443685", "KB2563894", "KB971486", "KB2412687", "KB2981580", "KB2875783", "KB4015549", "KB4503292", "KB2555917", "KB2957189", "KB2847311", "KB3079904", "KB2709162", "KB957280", "KB3138962", "KB3032359", "KB2570791", "KB3079757", "KB4343900", "KB2758857", "KB3185911", "KB3156013", "KB3002885", "KB4022719", "KB2876331", "KB4471318", "KB976098", "KB2961072", "KB2639417", "KB2658846", "KB2840149", "KB3160352", "KB2790655", "KB3008923", "KB2904266", "KB4074837", "KB3184122", "KB2633171", "KB2957503", "KB968537", "KB925486", "KB4586827", "KB4571729", "KB2862973"], "parentseeds": ["KB5018454", "KB5010404", "KB5015861", "KB5004951", "KB5023769", "KB5021291", "KB5011552", "KB5014012", "KB5022338", "KB5004953", "KB5014748", "KB5004289", "KB5003667", "KB5005633", "KB5022872", "KB5005088", "KB5009610", "KB5006743", "KB5012626", "KB5003233", "KB5017361", "KB5007236", "KB5008244", "KB5016676", "KB5020000", "KB5001335"], "msproducts": ["10047", "10049", "10486", "10051", "10048"], "affectedProducts": ["Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Internet Explorer 11", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows 7 for 32-bit Systems Service Pack 1", "Windows 7 for x64-based Systems Service Pack 1"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}

{"mskb": [{"lastseen": "2022-08-24T11:31:33", "description": "None\n**Important: ** \n \nWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n**Important: ****March 9, 2021** \n \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing [KB4577586](<https://support.microsoft.com/help/4577586>) will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall this update. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>)..\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Graphics, and Windows Media.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001641. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5000800](<https://support.microsoft.com/help/5000800>)).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000840>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000840](<https://download.microsoft.com/download/0/5/3/0536be84-b1cb-47be-8cae-267f984263e6/5000840.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000840 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000840", "href": "https://support.microsoft.com/en-us/help/5000840", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:18", "description": "None\n**Important: ** \n \nWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n**Important: ****March 9, 2021** \n \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601348](<https://support.microsoft.com/help/4601348>) (released previous February 9, 2021) and addresses the following issues: \n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Graphics, and Windows Media.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001641. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>). \n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000847>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for update 5000847](<https://download.microsoft.com/download/4/2/e/42eb70ea-a2d4-40aa-8e15-2694b8dbf658/5000847.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000847 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000847", "href": "https://support.microsoft.com/en-us/help/5000847", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:35", "description": "None\n**Important: ** \n \nWindows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n**Important: ****March 9, 2021** \n \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing [KB4577586](<https://support.microsoft.com/help/4577586>) will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall this update. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001640. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5000800](<https://support.microsoft.com/help/5000800>)).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000853>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for update 5000853](<https://download.microsoft.com/download/c/6/6/c66f8597-5e15-4d1f-9aaf-55abbe41f1b0/5000853.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000853 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000853", "href": "https://support.microsoft.com/en-us/help/5000853", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:35", "description": "None\n**Important: **Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important: **For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001639. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5000800](<https://support.microsoft.com/help/5000800>)).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000851>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000851](<https://download.microsoft.com/download/1/d/3/1d339bad-54f6-42de-a6ff-54d21c6fbdf3/5000851.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000851 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000851", "href": "https://support.microsoft.com/en-us/help/5000851", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:35", "description": "None\n**Important: **Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important: **WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001642. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n\n### Prerequisite\n\nYou must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5000800](<https://support.microsoft.com/help/5000800>)).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000856>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000856](<https://download.microsoft.com/download/5/d/4/5d4ab820-dbb3-46ab-bc55-096898eee7c6/5000856.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000856 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000856", "href": "https://support.microsoft.com/en-us/help/5000856", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:18", "description": "None\n**Important: **Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Important: **For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601360](<https://support.microsoft.com/help/4601360>) (released February 9, 2021) and addresses the following issues: \n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001642. \n \n## How to get this update\n\n### Before installing this update\n\n**IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n\n### **Prerequisite**\n\nYou must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000844>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5000844](<https://download.microsoft.com/download/b/4/c/b4ca9728-4c2d-46fd-b3b9-769235c4305a/5000844.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000844 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000844", "href": "https://support.microsoft.com/en-us/help/5000844", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:19", "description": "None\n**Important: ** \n \nWindows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n**Important: ****March 9, 2021** \nAs part of the end of support for Adobe Flash, [KB4577586](<https://support.microsoft.com/help/4577586>) is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586[ ](<https://support.microsoft.com/help/4577586>). For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4601384](<https://support.microsoft.com/help/4601384>) (released February 9, 2021) and addresses the following issues:\n\n * Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. This issue occurs even though Windows Updates are installed that contain [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 and configured **PerfromTicketSignature** to **1** or larger. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without the **USER_NO_AUTH_DATA_REQUIRED** flag being set for the user in User Account Controls.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing updates released March 9, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001640. \n \n## How to get this update\n\n### Before installing this update\n\nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n### Install this update\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000848>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for update 5000848](<https://download.microsoft.com/download/0/0/3/0036604e-4a48-4a7e-a819-1a9c3657f829/5000848.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000848 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000848", "href": "https://support.microsoft.com/en-us/help/5000848", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**NEW 3/9/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Turns off token binding by default in Windows Internet (WinINet).\n * Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online. \n * Addresses a reliability issue in Remote Desktop.\n * Addresses an issue that might cause stop error 7E in **nfssvr.sys** on servers running the Network File System (NFS) service.\n * Addresses an issue that excessively logs DfsSvc Event 14554 in the System event log by default once every hour for each DFS Namespace (DFSN). This update adds a new registry key, RootShareAcquireSuccessEvent, to enable or disable Event 14554.Keypath: HKEY_LOCAL_MACHINE/L\"System\\CurrentControlSet\\Services\\Dfs\\Parameters\"Default value = 0If RootShareAcquireSuccessEvent is not 0 or is not present = Enable log.If RootShareAcquireSuccessEvent is 0 = Disable log.Whenever you change RootShareAcquireSuccessEvent, you must restart the DFSN service.\n * Addresses an issue that causes an increase in network traffic during update detection for Windows Updates. This issue occurs on devices that are configured to use an authenticated user proxy as the fallback method if update detection with a system proxy fails or there is no proxy.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, Windows Hybrid Cloud Networking, Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001633. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001078) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000803>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000803](<https://download.microsoft.com/download/7/5/6/756f589c-b505-4341-b064-3f5e93f08aee/5000803.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000803 (OS Build 14393.4283)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000803", "href": "https://support.microsoft.com/en-us/help/5000803", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**NEW 3/9/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates to improve security when using Microsoft Office products.\n * Updates security for the Windows user interface.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001631. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001079) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000807>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000807](<https://download.microsoft.com/download/d/b/8/db8ecf43-5ffc-4a50-b422-6add89c7d6de/5000807.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000807 (OS Build 10240.18874)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640"], "modified": "2021-03-09T08:00:00", "id": "KB5000807", "href": "https://support.microsoft.com/en-us/help/5000807", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-24T11:30:46", "description": "None\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-server-2012#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594438. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586808>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586808](<https://download.microsoft.com/download/7/6/6/766e60b6-effb-432b-93ef-d280852cafe1/4586808.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586808 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17088"], "modified": "2020-11-10T08:00:00", "id": "KB4586808", "href": "https://support.microsoft.com/en-us/help/4586808", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:37", "description": "None\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580382](<https://support.microsoft.com/help/4580382>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-server-2012#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594438. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586834>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586834](<https://download.microsoft.com/download/3/7/5/37555c0d-b338-4516-8c2d-e3cab16c2829/4586834.csv>). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586834 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "KB4586834", "href": "https://support.microsoft.com/en-us/help/4586834", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:35", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1607 update history home page.\n\n## Highlights\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when Windows performs basic operations.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.\n * Allows you to restrict the JScript Scripting Engine to a process.\n * Address an issue that causes an application to stop working if the app uses a hook.\n * Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, \u201cMMC cannot initialize the snap-in.\u201d\n * Addresses an issue with devices on which Credential Guard is enabled; if these devices use a Machine Bound certificate, authentication requests might fail. This occurs because Windows 2016 and Windows 2019 domain controllers add duplicate KeyID values to the **msDS-KeyCredentialLink** attribute of these devices.\n * Addresses an issue that might cause stop error 7E in **nfssvr.sys** on servers running the Network File System (NFS) service.\n * Addresses an issue with Remote Desktop Session Host (RDSH) connection brokers that prevents users from connecting to a Remote Desktop in collections. This issue occurs because of an access violation in **tssdis.exe**.\n * Addresses an issue that causes the Windows Management Instrumentation (WMI) Provider Host (**WmiPrvSE.exe**) to leak registry key handles when querying **Win32_RDCentralPublishedDeploymentSettings**.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.\n * Addresses an issue with incorrect Canonical Display Driver (CDD) buffer flushing, which degrades performance in Remote Desktop Protocol (RDP) Windows 2000 Display Driver Model (XDDM) scenarios. This issue affects applications that use graphics processing units (GPU) to operate, such as Microsoft Teams, Microsoft Office, and web browsers.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Addresses an issue with remote procedure call (RPC) runtime that might cause memory to leak. As a result, performance degrades, which causes high CPU usage, slowness, or resource depletion.\n * Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, the Windows Kernel, and Windows Virtualization.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4467684, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.| Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.Microsoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594441. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4576750) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586830>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586830](<https://download.microsoft.com/download/4/5/a/45ab9419-b92c-4a5f-812a-a9bcbff58398/4586830.csv>).\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586830 (OS Build 14393.4046) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "KB4586830", "href": "https://support.microsoft.com/en-us/help/4586830", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:24", "description": "None\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 2004 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when Windows performs basic operations.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n\n## Improvements and fixes\n\n## \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n## \n\n__\n\nWindows 10, version 2004\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 19041.1128) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nUsers of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.| All IME issues listed in KB4564002 were resolved in KB4586853. \nSystem and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.**Note **Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.| This issue is resolved in KB4592438. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the Windows release health page for [Windows Server, version 20H2](<https://docs.microsoft.com/windows/release-information/status-windows-10-20h2#1522msgdesc>) or [Windows Server, version 2004](<https://docs.microsoft.com/windows/release-information/status-windows-10-2004#1522msgdesc>) . **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594440. \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note** The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4586864) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586781>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586781](<https://download.microsoft.com/download/9/0/c/90c20c3f-2cae-4cbb-93ab-ef00942e46d2/4586781.csv>). **Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586781 (OS Builds 19041.630 and 19042.630)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "KB4586781", "href": "https://support.microsoft.com/en-us/help/4586781", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:30:47", "description": "None\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, and Windows Remote Desktop.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594439. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB4586768](<https://support.microsoft.com/help/4586768>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586823>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586823](<https://download.microsoft.com/download/f/a/9/fa9ab938-dc38-44c6-84de-f5a964c3d8b2/4586823.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586823 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17088"], "modified": "2020-11-10T08:00:00", "id": "KB4586823", "href": "https://support.microsoft.com/en-us/help/4586823", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:30:45", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 10, version 1903 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when Windows performs basic operations.\n\n## Improvements and fixes\n\n## \n\n__\n\nWindows 10, version 1909\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 1903.\n * No additional issues were documented for this release.\n\n## \n\n__\n\nWindows 10, version 1903\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18362.1085) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses an issue with the package frame launcher (PSF) that passes a malformed parameter to a shim.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, Windows Input and Composition, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nSystem and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.**Note **Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.| This issue is resolved in KB4592449. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the Windows release health page for [Windows Server, version 1909](<https://docs.microsoft.com/windows/release-information/status-windows-10-1909#1522msgdesc>) or [Windows Server, version 1903](<https://docs.microsoft.com/windows/release-information/status-windows-10-1903#1522msgdesc>). **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594443. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4586863) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586786>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586786](<https://download.microsoft.com/download/b/f/d/bfd14412-228d-4d32-9445-baa32275c0d5/4586786.csv>). **Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586786 (OS Builds 18362.1198 and 18363.1198) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "KB4586786", "href": "https://support.microsoft.com/en-us/help/4586786", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:37", "description": "None\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\n**NEW 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4580347](<https://support.microsoft.com/help/4580347>) (released October 13, 2020) and addresses the following issues:\n\n * Corrects the DST start date for the Fiji Islands to December 20, 2020.\n * Allows administrators to enable \"Save target as\" through Group Policy for users in Microsoft Edge IE mode.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue going forward, make sure your applications or services run as a specific user or service account.\n * Security updates to Windows Graphics, Windows Silicon Platform, Windows Authentication, Windows Core Networking, Windows Peripherals, Windows Network Security and Containers, Windows Hybrid Storage Services, Windows Remote Desktop, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in [KB4594439](<https://support.microsoft.com/help/4594439>). \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586845>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4586845](<https://download.microsoft.com/download/3/9/b/39bf949e-bdf1-45bd-aa1d-0a7568d0e3f2/4586845.csv>). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586845 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "KB4586845", "href": "https://support.microsoft.com/en-us/help/4586845", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:58", "description": "None\n**IMPORTANT** Adobe Flash Player went out of support on December 31, 2020. For more information, see [Adobe Flash end of support on December 31, 2020](<https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support#:~:text=Adobe%20will%20end%20support%20of,site%2Dby%2Dsite%20basis.>). Flash content will be blocked from running in Flash Player beginning January 12, 2021. For more information, see [Adobe Flash Player EOL General Information Page](<https://www.adobe.com/products/flashplayer/end-of-life.html>).\n\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4592468](<https://support.microsoft.com/help/4592468>) (released previous December 8, 2020) and addresses the following issues:\n\n * Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see [KB4599464](<https://support.microsoft.com/help/4599464>).\n * Addresses a security vulnerability issue with HTTPS-based intranet servers. After you install this update, HTTPS-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy. \n \nIf you must leverage a user proxy, you must configure the behavior by using the Windows Update policy **Allow user proxy to be used as a fallback if detection using system proxy fails**. To make sure that the highest levels of security, additionally leverage Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. For more information, see [Changes to scans, improved security for Windows devices](<https://aka.ms/WSUS-scans-part2>). \n \n**Note** This change does not affect customers who use HTTP WSUS servers.\n * Addresses an issue in which a principal in a trusted Managed Identity for Application (MIT) realm does not obtain a Kerberos Service ticket from Active Directory domain controllers (DCs). This issue occurs after Windows Updates that contains [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 are installed and **PerfromTicketSignature** is configured to **1** or higher. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the **USER_NO_AUTH_DATA_REQUIRED** flag.\n * Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566426](<https://support.microsoft.com/help/4566426>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4598278>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4598278](<https://download.microsoft.com/download/2/c/c/2cc78328-eccd-4783-9752-db07d15856f6/4598278.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T08:00:00", "type": "mskb", "title": "January 12, 2021\u2014KB4598278 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1665"], "modified": "2021-01-12T08:00:00", "id": "KB4598278", "href": "https://support.microsoft.com/en-us/help/4598278", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:58", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**NEW 11/10/20** \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 SP1 and Windows Server 2008 R2 SP1 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4592471](<https://support.microsoft.com/help/4592471>) (released December 8, 2020) and addresses the following issues:\n\n * Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see [KB4599464](<https://support.microsoft.com/help/4599464>).\n * Addresses a security vulnerability issue with HTTPS-based intranet servers. After you install this update, HTTPS-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy. \n \nIf you must leverage a user proxy, you must configure the behavior by using the Windows Update policy **Allow user proxy to be used as a fallback if detection using system proxy fails**. To make sure that the highest levels of security, additionally leverage Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. For more information, see [Changes to scans, improved security for Windows devices](<https://aka.ms/WSUS-scans-part2>). \n \n**Note** This change does not affect customers who use HTTP WSUS servers.\n * Addresses an issue in which a principal in a trusted Managed Identity for Application (MIT) realm does not obtain a Kerberos Service ticket from Active Directory domain controllers (DCs). This issue occurs after Windows Updates that contains [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 are installed and **PerfromTicketSignature** is configured to **1** or higher. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the **USER_NO_AUTH_DATA_REQUIRED** flag.\n * Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege. \n * Perform the operation from a node that doesn\u2019t have CSV ownership. \nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the _latest_ SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4598279>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4598279](<https://download.microsoft.com/download/d/e/f/defaf295-b1d8-43af-98ac-a3a9ddf08b8e/4598279.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-12T08:00:00", "type": "mskb", "title": "January 12, 2021\u2014KB4598279 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1701"], "modified": "2021-01-12T08:00:00", "id": "KB4598279", "href": "https://support.microsoft.com/en-us/help/4598279", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:58", "description": "None\n**IMPORTANT **Adobe Flash Player went out of support on December 31, 2020. For more information, see [Adobe Flash end of support on December 31, 2020](<https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support#:~:text=Adobe%20will%20end%20support%20of,site%2Dby%2Dsite%20basis.>). Flash content will be blocked from running in Flash Player beginning January 12, 2021. For more information, see [Adobe Flash Player EOL General Information Page](<https://www.adobe.com/products/flashplayer/end-of-life.html>).\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).\n\nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4592484](<https://support.microsoft.com/help/4592484>) (released December 8, 2020) and addresses the following issues:\n\n * Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see [KB4599464](<https://support.microsoft.com/help/4599464>).\n * Addresses a security vulnerability issue with HTTPS-based intranet servers. After you install this update, HTTPS-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy. \n \nIf you must leverage a user proxy, you must configure the behavior by using the Windows Update policy **Allow user proxy to be used as a fallback if detection using system proxy fails**. To make sure that the highest levels of security, additionally leverage Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. For more information, see [Changes to scans, improved security for Windows devices](<https://aka.ms/WSUS-scans-part2>). \n \n**Note** This change does not affect customers who use HTTP WSUS servers.\n * Addresses an issue in which a principal in a trusted Managed Identity for Application (MIT) realm does not obtain a Kerberos Service ticket from Active Directory domain controllers (DCs). This issue occurs after Windows Updates that contains [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 are installed and **PerfromTicketSignature** is configured to **1** or higher. Ticket acquisition fails with **KRB_GENERIC_ERROR** if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the **USER_NO_AUTH_DATA_REQUIRED** flag.\n * Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, and Windows Virtualization.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB4566425](<https://support.microsoft.com/help/4566425>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4598285>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for update 4598285](<https://download.microsoft.com/download/c/a/7/ca7841e4-9adc-45ad-9379-c9cb50f3dd0e/4598285.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T08:00:00", "type": "mskb", "title": "January 12, 2021\u2014KB4598285 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1665"], "modified": "2021-01-12T08:00:00", "id": "KB4598285", "href": "https://support.microsoft.com/en-us/help/4598285", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:00", "description": "None\n**IMPORTANT **Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4592498](<https://support.microsoft.com/help/4592498>) (released December 8, 2020) and addresses the following issues:\n\n * Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see [KB4599464](<https://support.microsoft.com/help/4599464>).\n * Addresses a security vulnerability issue with HTTPS-based intranet servers. After you install this update, HTTPS-based intranet servers cannot leverage a user proxy to detect updates by default. Scans that use these servers will fail if the clients do not have a configured system proxy. \n \nIf you must leverage a user proxy, you must configure the behavior by using the Windows Update policy **Allow user proxy to be used as a fallback if detection using system proxy fails**. To make sure that the highest levels of security, additionally leverage Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. For more information, see [Changes to scans, improved security for Windows devices](<https://aka.ms/WSUS-scans-part2>). \n \n**Note** This change does not affect customers who use HTTP WSUS servers.\n * Addresses an issue in which a principal in a trusted Managed Identity for Application (MIT) realm does not obtain a Kerberos Service ticket from Active Directory domain controllers (DCs). This issue occurs after Windows Updates that contains [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049>) protections released between November 10 and December 8, 2020 are installed and **PerfromTicketSignature** is configured to **1** or higher. Ticket acquisition fails with KRB_GENERIC_ERROR if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the **USER_NO_AUTH_DATA_REQUIRED** flag.\n * Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **_restart your device_** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the _latest _SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4598288>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4598288](<https://download.microsoft.com/download/9/8/0/980f60c3-10e1-40a3-baad-ae04e57bd3a2/4598288.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-12T08:00:00", "type": "mskb", "title": "January 12, 2021\u2014KB4598288 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1701"], "modified": "2021-01-12T08:00:00", "id": "KB4598288", "href": "https://support.microsoft.com/en-us/help/4598288", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:24", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**NEW 11/10/20 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2020. There will be a monthly security release (known as a \u201cB\u201d release) for December 2020. Normal monthly servicing for both B and C releases will resume in January 2021.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1577) released November 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n**UPDATED 11/10/20** \nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n## Highlights\n\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve security when Windows performs basic operations.\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.\n * Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to local ports that point to a file. Failing print jobs log error 50, \u201cThe request is not supported.\u201d in event ID 372 in the PrintService\\Admin event log. To address this issue in the future, make sure your applications or services run as a specific user or service account.\n * Security updates to the Microsoft Scripting Engine, Microsoft Graphics Component, Windows Input and Composition, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication and ticket renewal issues. This is caused by an issue in how [CVE-2020-17049](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049>) was addressed in these updates.For specific symptoms and behaviors related to this issue, please see the [Windows release health](<https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019#1522msgdesc>) page. **Note **This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.| This issue is resolved in KB4594442. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4587735) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4586793>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4586793](<https://download.microsoft.com/download/a/e/e/aeef4e7a-b08d-4da9-b19f-62054aca9811/4586793.csv>).**Note** Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mskb", "title": "November 10, 2020\u2014KB4586793 (OS Build 17763.1577) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2020-17087"], "modified": "2020-11-10T08:00:00", "id": "KB4586793", "href": "https://support.microsoft.com/en-us/help/4586793", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:48:32", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, the Windows Cloud Infrastructure, Windows Fundamentals, Windows Authentication, the Windows Kernel, Windows Remote Desktop, and Windows Storage and Filesystems.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## How to get this update \n\n### Before installing this update \n\nMicrosoft now combines the latest servicing stack update (SSU) for your operating system with the hotpatch update. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update or Windows Server Update Services (WSUS), the latest SSU will be installed with this update.\n\n### Install this update\n\nRelease Channel| Available| Next Step \n---|---|--- \nWindows Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| No| To get the standalone package for this update, go to the Microsoft Update Catalog website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows Server 2022 Datacenter: Azure Edition HotpatchClassification: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5014677](<https://download.microsoft.com/download/b/1/a/b1ac4197-b142-41d2-b4c3-a545322bf8c6/5014678.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.770](<https://download.microsoft.com/download/3/f/c/3fca8074-15f9-418b-9561-0f5f1e6798cb/SSU_version_20348_733.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T07:00:00", "type": "mskb", "title": "June 14, 2022\u2014 KB5014677 (OS Build 20348.770)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2022-30166"], "modified": "2022-06-14T07:00:00", "id": "KB5014677", "href": "https://support.microsoft.com/en-us/help/5014677", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:40:56", "description": "None\n**NEW 8/5/21 \nEXPIRATION NOTICE****IMPORTANT **As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**UPDATED 1/12/21 \nREMINDER **Adobe Flash Player went out of support on December 31, 2020. For more information, see [Adobe Flash end of support on December 31, 2020](<https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support#:~:text=Adobe%20will%20end%20support%20of,site%2Dby%2Dsite%20basis.>). Flash content will be blocked from running in Flash Player beginning January 12, 2021. For more information, see [Adobe Flash Player EOL General Information Page](<https://www.adobe.com/products/flashplayer/end-of-life.html>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page.\n\n## Highlights\n\n * Updates to improve security when using Microsoft Office products.\n * Updates to improve security when using external devices, such as game controllers, printers, and web cameras.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Adds the ability to set a Group Policy to show only the domain and username when a user signs in.\n * Addresses an issue that delays authentication traffic because of Netlogon scalability issues.\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.\n * Addresses a security vulnerability issue with HTTPS-based intranet servers. After installing this update, HTTPS-based intranet servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy on the clients. If you must use a user proxy, you must configure the behavior using the policy \u201cAllow user proxy to be used as a fallback if detection using system proxy fails.\u201d To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers. For more information, see [Changes to scans, improved security for Windows devices](<https://aka.ms/WSUS-scans-part2>).\n * Addresses an issue in the Remote Desktop Protocol (RDP) redirector (**rdpdr.sys**) that causes a stop error.\n * Security updates to the Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4467684, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.| This issue is resolved in KB4601318. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4576750) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4598243>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4598243](<https://download.microsoft.com/download/a/9/c/a9cc5807-bbe4-4aad-bb18-14455a62ae38/4598243.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-12T08:00:00", "type": "mskb", "title": "January 12, 2021\u2014KB4598243 (OS Build 14393.4169) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-1655"], "modified": "2021-01-12T08:00:00", "id": "KB4598243", "href": "https://support.microsoft.com/en-us/help/4598243", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**2/24/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>).**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n * Updates security for the Windows user interface.\n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.860 and 19042.860 \n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1140) released March 9, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Virtualization, the Windows Kernel, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001567. \nWhen opening a document in Microsoft Word, Microsoft Excel, or any Microsoft Office applications, you might receive the error, \"Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space\". This issue only affects devices that have installed Microsoft Office apps from the Microsoft Store and are attempting to open a document that has triggered the use of the [Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) feature.| This issue is resolved using [Known Issue Rollback (KIR)](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831>). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed devices. Restarting your device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special [Group Policy](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2Fb%2F8%2F9%2Fb89221d0-d5db-40a7-bf25-cecbee25f713%2FWindows%252010%2520\\(2004%2520%26%252020H2\\)%2520Known%2520Issue%2520Rollback%2520031321%252001.msi&data=04%7C01%7Cv-shros%40microsoft.com%7Cb49064532f8d45d7665e08d8e806c6a4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637514463287760865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=K8MGbGmWKrnTVBgY2Oyu6J0PGayW%2FVYVj1uYJne%2FyGI%3D&reserved=0>).**Note **Devices need to be restarted after configuring the special Group Policy. To find out more about using Group Policies, see [Group Policy Overview](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791\\(v=ws.11\\)>). \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001649. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). If you encounter the error, 0x800f0823 \u2013 CBS_E_NEW_SERVICING_STACK_REQUIRED, close the error message and install the last standalone SSU (KB4598481) **before** installing this LCU. You will not need to install this SSU (KB4598481) again for future updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000802>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000802](<https://download.microsoft.com/download/6/1/d/61df0952-0004-446c-9f34-a47dff0803b0/5000802.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.860 and 19042.860](<https://download.microsoft.com/download/9/9/2/992dfc5e-28a2-49ca-8397-f0917198c7b8/SSU_Version_19041.860.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000802 (OS Builds 19041.867 and 19042.867)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-27070"], "modified": "2021-03-09T08:00:00", "id": "KB5000802", "href": "https://support.microsoft.com/en-us/help/5000802", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:29", "description": "None\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**12/8/20 \nREMINDER **Windows 10, version 1903 reached end of servicing on December 8, 2020. To continue receiving security and quality updates, Microsoft recommends that you update to the latest version of Windows 10. If you want to update to Windows 10, version 1909, you must use the Enablement Package KB4517245 (EKB). Using the EKB makes updating faster and easier and requires a single restart. For more information, see [Windows 10, version 1909 delivery options](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-version-1909-delivery-options/ba-p/1002660>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18363.1102) released March 9, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Core Networking, Windows Hybrid Cloud Networking, Windows Virtualization, the Windows Kernel, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001566. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001648. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5000908) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000808>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000808](<https://download.microsoft.com/download/9/9/8/998a9361-44aa-4392-9a1e-fd820f27759c/5000808.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000808 (OS Build 18363.1440)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24090"], "modified": "2021-03-09T08:00:00", "id": "KB5000808", "href": "https://support.microsoft.com/en-us/help/5000808", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:29", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1803 update history home page.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, the Windows Kernel, the Microsoft Graphics Component, Windows Graphics, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001565. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001634. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4580398) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000809>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000809](<https://download.microsoft.com/download/9/0/d/90d4abf0-4129-404c-be46-5a1798eab386/5000809.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000809 (OS Build 17134.2087)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000809", "href": "https://support.microsoft.com/en-us/help/5000809", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T10:41:13", "description": "None\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1817) released March 9, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates security for the Windows user interface.\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using Microsoft Office products.\n\n## Improvements and fixes\n\n * Addresses an elevation of privilege security vulnerability documented in [CVE-2021-1640](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640>) related to print jobs submitted to \u201cFILE:\u201d ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.\n * Security updates to the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Core Networking, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.| This issue is resolved in KB5001568. \nAfter installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include:\n\n * Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos.\n * Table lines might be missing. Other alignment or formatting issues might also be present.\n * Printing from some apps or to some printers might result in a blank page or label.\n| This issue is resolved in KB5001638. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5000859) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000822>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5000822](<https://download.microsoft.com/download/f/2/f/f2fc2870-838b-4900-aaa6-4e1168d79b43/5000822.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mskb", "title": "March 9, 2021\u2014KB5000822 (OS Build 17763.1817)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26411"], "modified": "2021-03-09T08:00:00", "id": "KB5000822", "href": "https://support.microsoft.com/en-us/help/5000822", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T10:41:24", "description": "None\n**3/9/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Updates the default values for the following Internet Explorer registry keys:\n * svcKBFWLink = \u201c \u201d (string with one empty space)\n * svcKBNumber = \u201c \u201d (string with one empty space)\n * svcUpdateVersion = 11.0.1000.\nIn addition, these values will no longer be updated automatically. \n * Address an issue that causes a system to stop working occasionally when users sign out or disconnect from remote sessions.\n * Addresses an issue with a heap leak that might cause **explorer.exe** to consume high amounts of memory.\n * Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.\n * Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.\n * Addresses a race condition that causes PowerShell to stop working periodically and generates an Access Violation error. This issue occurs when you enable transcription on the system and run multiple PowerShell scripts simultaneously.\n * Addresses an issue that causes the sleep time defined in HKLM\\Software\\Microsoft\\AppV\\MAV\\Configuration\\MaxAttachWaitTimeInMilliseconds to be shorter than intended.\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.\n * Addresses an issue in **spaceport.sys** that might cause stop error 0x7E.\n * Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001347>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001347](<https://download.microsoft.com/download/7/9/c/79cff94b-821b-4d24-ad68-5d2fb469aeb4/5001347.csv>). \n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001347 (OS Build 14393.4350)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-28318"], "modified": "2021-04-13T07:00:00", "id": "KB5001347", "href": "https://support.microsoft.com/en-us/help/5001347", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:34:33", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include the following: \n\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5004233](<https://support.microsoft.com/help/5004233>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004285>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004285](<https://download.microsoft.com/download/4/8/e/48e7fb1b-c9ea-4fb6-9fa8-7bec0eba1512/5004285.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004285 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34459"], "modified": "2021-07-13T07:00:00", "id": "KB5004285", "href": "https://support.microsoft.com/en-us/help/5004285", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:34", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004953](<https://support.microsoft.com/help/5004953>) (released July 6, 2021) and addresses the following issues:\n\n * Addresses an issue in which 16-bit applications fail with an error message that indicates a general fault in VBRUN300.DLL.\n * Addresses an issue in which some EMFs built by using third-party applications that use **ExtCreatePen** and **ExtCreateFontIndirect** render incorrectly.\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004289>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004289](<https://download.microsoft.com/download/b/2/9/b29d47d0-9fa7-4d8e-ad43-797c522305ac/5004289.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004289 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34496"], "modified": "2021-07-13T07:00:00", "id": "KB5004289", "href": "https://support.microsoft.com/en-us/help/5004289", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:34:35", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include the following: \n\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5004233](<https://support.microsoft.com/help/5004233>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004299>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004299](<https://download.microsoft.com/download/3/f/c/3fccfcfa-da17-4e5d-8016-e3fae8dde731/5004299.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004299 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34444"], "modified": "2021-07-13T07:00:00", "id": "KB5004299", "href": "https://support.microsoft.com/en-us/help/5004299", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:34:35", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include the following: \n\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5004233](<https://support.microsoft.com/help/5004233>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004302>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004302](<https://download.microsoft.com/download/d/2/1/d21b72bd-7f99-4ec8-b5d1-413e18c923ae/5004302.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004302 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34459"], "modified": "2021-07-13T07:00:00", "id": "KB5004302", "href": "https://support.microsoft.com/en-us/help/5004302", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:36", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004955](<https://support.microsoft.com/help/5004955>) (released July 6, 2021) and addresses the following issues: \n\n * Addresses an issue in which some EMFs built by using third-party applications that use **ExtCreatePen** and **ExtCreateFontIndirect** render incorrectly.\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Graphics, Windows HTML Platforms, and Windows MSHTML Platform.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004305>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004305](<https://download.microsoft.com/download/f/9/7/f978ea6e-6cd9-4e04-bbd4-c9b1d1372586/5004305.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004305 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34444"], "modified": "2021-07-13T07:00:00", "id": "KB5004305", "href": "https://support.microsoft.com/en-us/help/5004305", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:34:36", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include the following:\n\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, and Windows Graphics.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5004233](<https://support.microsoft.com/help/5004233>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004307>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004307](<https://download.microsoft.com/download/4/2/0/4203a9dd-0925-47f8-a58e-27ede44ff81a/5004307.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004307 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34496"], "modified": "2021-07-13T07:00:00", "id": "KB5004307", "href": "https://support.microsoft.com/en-us/help/5004307", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:34", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004956](<https://support.microsoft.com/help/5004956>) (released July 6, 2021) and addresses the following issues: \n\n * Addresses an issue in which 16-bit applications fail with an error message that states a general fault in VBRUN300.DLL.\n * Addresses an issue in which some EMFs built by using third-party applications that use **ExtCreatePen** and **ExtCreateFontIndirect** render incorrectly.\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004294>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004294](<https://download.microsoft.com/download/d/d/8/dd8d3ce0-52b3-4c5c-a23c-4db4f85de1a8/5004294.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004294 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34459"], "modified": "2021-07-13T07:00:00", "id": "KB5004294", "href": "https://support.microsoft.com/en-us/help/5004294", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:34", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004954](<https://support.microsoft.com/help/5004954>) (released July 6, 2021) and addresses the following issues:\n\n * Addresses an issue in which 16-bit applications fail with an error message that states a general fault in VBRUN300.DLL.\n * Addresses an issue in which some EMFs built by using third-party applications that use **ExtCreatePen** and **ExtCreateFontIndirect** render incorrectly.\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33757>). For more information, see [KB5004605](<https://support.microsoft.com/help/5004605>).\n * Removes support for the **PerformTicketSignature** setting and permanently enables **Enforcement mode**. [For more information and additional steps to enable protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049. ](<https://support.microsoft.com/help/4598347>)\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows Operating System Security, Windows Graphics, Microsoft Scripting Engine, Windows HTML Platforms, and Windows MSHTML Platform.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>), might fail to print when using smart-card (PIV) authentication.| For more information on this issue, please see [KB5005408 - Smart-card authentication might cause print and scan failures](<https://support.microsoft.com/help/5005408>). \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004298>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004298](<https://download.microsoft.com/download/3/2/6/32647c6d-2296-439e-8918-21be0f8cd42a/5004298.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004298 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-34459"], "modified": "2021-07-13T07:00:00", "id": "KB5004298", "href": "https://support.microsoft.com/en-us/help/5004298", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:24", "description": "None\n**NEW 4/13/21 \nIMPORTANT **Windows 10, version 1809 will reach end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1879) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001404) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001342>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001342](<https://download.microsoft.com/download/4/c/2/4c2f5eb9-b102-4c92-a81a-90c58b1eb485/5001342.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001342 (OS Build 17763.1879)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28318"], "modified": "2021-04-13T07:00:00", "id": "KB5001342", "href": "https://support.microsoft.com/en-us/help/5001342", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:32", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>).**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates for verifying usernames and passwords.\n * Updates to improve security when Windows performs basic operations.\n * Updates an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port. After installing this update, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue[. ](<>)\n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.1081, 19042.1081, and 19043.1081\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1157) released July 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that might make printing to certain printers difficult. This issue affects various brands and models, but primarily receipt or label printers that connect using a USB port. After installing this update, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue.\n * Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see [Managing deployment of Kerberos S4U changes for CVE-2020-17049](<https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab>).\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33757>). For more information, see KB5004605.\n * Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see [CVE-2021-33779](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33779>).\n * Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the May 25, 2021 (KB5003214) and June 21, 2021 (KB5003690) updates, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>) might fail to print when using smart card (PIV) authentication.| For more information, see KB5005408. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment:\n\n * Install the May 11, 2021 update (KB5003173) before you install the latest cumulative update.\nFor offline Deployment Image Servicing and Management (**DISM.exe**) deployment:\n\n * If an image does not have the February 24, 2021 (KB4601382) or later cumulative update, install the January 12, 2021 SSU (KB4598481) and the May 11, 2021 update (KB5003173).\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004237>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004237](<https://download.microsoft.com/download/6/5/2/65245c79-00e2-4474-885c-6cb7dcc68fe7/5004237.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1081, 19042.1081, and 19043.1081](<https://download.microsoft.com/download/c/0/f/c0febc6b-065c-420f-bb68-737a971753ec/SSU_version_19041_1110.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004237 (OS Builds 19041.1110, 19042.1110, and 19043.1110)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-33779", "CVE-2021-34476"], "modified": "2021-07-13T07:00:00", "id": "KB5004237", "href": "https://support.microsoft.com/en-us/help/5004237", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:32", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**5/11/21 \nREMINDER **Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**5/11/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in April 2021. In the May 11, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.2061) released July 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates for verifying usernames and passwords.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see [Managing deployment of Kerberos S4U changes for CVE-2020-17049](<https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab>). \n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33757>). For more information, see KB5004605.\n * Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see [CVE-2021-33779](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33779>).\n * Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Fundamentals, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>) might fail to print when using smart card (PIV) authentication.| This issue is resolved in KB5005394. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5003711) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004244>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004244](<https://download.microsoft.com/download/6/a/9/6a91388b-a0d7-427c-914f-3f9139aac7e4/5004244.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004244 (OS Build 17763.2061)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-33779", "CVE-2021-34504"], "modified": "2021-07-13T07:00:00", "id": "KB5004244", "href": "https://support.microsoft.com/en-us/help/5004244", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:46:32", "description": "None\n**NEW 7/13/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates to remove Adobe Flash from your device. \n * Updates for verifying usernames and passwords.\n * Updates to improve security when Windows performs basic operations.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see [Managing deployment of Kerberos S4U changes for CVE-2020-17049](<https://support.microsoft.com/en-us/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab>).\n * Addresses an issue that incorrectly renders some Enhanced Metafile Format (EMF) files. This issue occurs if you build the EMF files using third-party applications with **ExtCreatePen()** and **ExtCreateFontIndirect()**.\n * Addresses a redirector stop error that is caused by a race condition that occurs when the system deletes binding objects when connections close.\n * Removes the Adobe Flash component from your device.\n * Adds Advanced Encryption Standard (AES) encryption protections for [CVE-2021-33757](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33757>). For more information, see KB5004605.\n * Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see [CVE-2021-33779](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33779>).\n * Security updates to Windows Apps, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, the Windows Kernel, Windows Graphics, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Active Directory.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of [RFC 4556 spec](<https://www.ietf.org/rfc/rfc4556.txt>) might fail to print when using smart card (PIV) authentication.| This issue is resolved in KB5005393. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004238>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004238](<https://download.microsoft.com/download/8/d/3/8d3920d3-40d4-43c8-a4f7-c8aacffabdca/5004238.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T07:00:00", "type": "mskb", "title": "July 13, 2021\u2014KB5004238 (OS Build 14393.4530)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2021-33757", "CVE-2021-33779", "CVE-2021-34459"], "modified": "2021-07-13T07:00:00", "id": "KB5004238", "href": "https://support.microsoft.com/en-us/help/5004238", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:41:23", "description": "None\n**NEW 4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In this April 13, 2021 release, we will install the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**2/24/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>).**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.925 and 19042.925 \n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1144) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.| To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nA small subset of users have reported lower than expected performance in games after installing this update. Most users affected by this issue are running games full screen or borderless windowed modes and using two or more monitors.| This issue is resolved in KB5003690. \nAfter installing this update, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings.**Note **This issue does not occur when stereo is used.| This issue is resolved in KB5003690. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). If you encounter the error, 0x800f0823 \u2013 CBS_E_NEW_SERVICING_STACK_REQUIRED, close the error message and install the last standalone SSU (KB4598481) **before** installing this LCU. You will not need to install this SSU (KB4598481) again for future updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001330>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001330](<https://download.microsoft.com/download/e/3/b/e3b48b01-ec2d-4e51-9ea8-b4b0b8e1a207/5001330.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.925 and 19042.925](<https://download.microsoft.com/download/5/a/5/5a5efb3d-9d22-4add-bac0-34959549170f/SSU_version_19041.925.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001330 (OS Builds 19041.928 and 19042.928)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28319"], "modified": "2021-04-13T07:00:00", "id": "KB5001330", "href": "https://support.microsoft.com/en-us/help/5001330", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:31:39", "description": "None\n**NEW 4/13/21** \n**IMPORTANT **Windows 10, version 1909 will reach end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, Nano Container, and Server SAC editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise, Education, and IoT Enterprise.\n\n**NEW 4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In this April 13, 2021 release, we will install the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**12/8/20 \nREMINDER **Windows 10, version 1903 reached end of servicing on December 8, 2020. To continue receiving security and quality updates, Microsoft recommends that you update to the latest version of Windows 10. If you want to update to Windows 10, version 1909, you must use the Enablement Package KB4517245 (EKB). Using the EKB makes updating faster and easier and requires a single restart. For more information, see [Windows 10, version 1909 delivery options](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-version-1909-delivery-options/ba-p/1002660>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18363.1108) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nScroll bar controls might appear blank on the screen and not function after installing this update. This issue affects 32-bit applications running on 64-bit Windows 10 (WOW64) that create scroll bars using a [superclass](<https://docs.microsoft.com/en-us/windows/win32/winmsg/about-window-procedures#window-procedure-superclassing>) of the **USER32.DLL SCROLLBAR** window class. This issue also affects **HScrollBar** and **VScrollBar** controls that are used in Visual Basic 6 applications and the classes derived from **[System.Windows.Forms.ScrollBar](<https://docs.microsoft.com/en-us/dotnet/api/system.windows.forms.scrollbar?view=net-5.0>)** that are used in .NET Windows Forms applications. A memory usage increase of up to 4 GB might occur in 64-bit applications when you create a scroll bar control.Scroll bars you create using the **SCROLLBAR** window class or using the WS_HSCROLL and WS_VSCROLL window styles function normally. Applications that use the scroll bar control that is implemented in **COMCTL32.DLL** version 6 are not affected. This includes .NET Windows Forms applications that call **Application.EnableVisualStyles()**.| This issue is resolved in KB5003169. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the April 13, 2021 servicing stack update (SSU) (KB5001406) or later before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001337>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001337](<https://download.microsoft.com/download/e/1/0/e10a6884-2e7a-4d80-ac2f-884c39a2a1b2/5001337.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001337 (OS Build 18363.1500)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "KB5001337", "href": "https://support.microsoft.com/en-us/help/5001337", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:35:06", "description": "A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).\n\nTo exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.\n\nThe update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Kerberos KDC Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2021-07-13T07:00:00", "id": "MS:CVE-2020-17049", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:34:40", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26878"], "modified": "2021-03-09T08:00:00", "id": "MS:CVE-2021-1640", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1640", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:36", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26878"], "modified": "2021-03-09T08:00:00", "id": "MS:CVE-2021-26878", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26878", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-03-08T05:24:10", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.\n#### Mitigation\n\nIn Red Hat Identity Management (IdM), the list of existing rules for service principals delegation can be obtained with the following commands : \n$ ipa servicedelegationrule-find \n$ ipa servicedelegationtarget-find \nThe services allowed to delegate must all be trusted. \nBy default, only HTTP/&lt;IPA host&gt;@&lt;REALM&gt;, corresponding to IdM&#x27;s Web UI, is allowed to delegate. \n\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-22T20:20:39", "type": "redhatcve", "title": "CVE-2020-17049", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2023-03-08T03:42:02", "id": "RH:CVE-2020-17049", "href": "https://access.redhat.com/security/cve/cve-2020-17049", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2021-11-10T17:17:06", "description": "Kerberos Security Feature Bypass Vulnerability\n\n \n**Recent assessments:** \n \n**jakekarnes42** at December 09, 2020 12:26am UTC reported:\n\nTechnical analysis and exploit of the vulnerability are now publicly available: \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/> \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/> \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/>\n\n**SusanBradley** at November 23, 2020 3:37am UTC reported:\n\nTechnical analysis and exploit of the vulnerability are now publicly available: \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/> \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/> \n<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/>\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T00:00:00", "type": "attackerkb", "title": "CVE-2020-17049", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2020-11-24T00:00:00", "id": "AKB:D354FE9E-B72A-4328-93DD-28578E160D9B", "href": "https://attackerkb.com/topics/dx20vE1m2v/cve-2020-17049", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T15:08:58", "description": "Kerberos Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17049", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2022-08-29T20:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2020-17049", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17049", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:02:52", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-11T16:15:00", "type": "cve", "title": "CVE-2021-1640", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26878"], "modified": "2021-05-04T14:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-1640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1640", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:14:34", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-11T16:15:00", "type": "cve", "title": "CVE-2021-26878", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-26878"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-26878", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26878", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}], "msrc": [{"lastseen": "2023-03-14T17:06:18", "description": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u30012020 \u5e74 11 \u6708 10 \u65e5 (\u7c73\u56fd\u6642\u9593) \u306b\u3001Kerberos KDC (Key Distribution Center) \u306b\u5bfe\u3059\u308b\u8106\u5f31\u6027\u60c5\u5831 CVE-2020-17049 \u3092\u516c", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-19T08:00:00", "type": "msrc", "title": "Kerberos KDC \u306e\u8106\u5f31\u6027 (CVE-2020-17049) \u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u306e\u30ac\u30a4\u30c0\u30f3\u30b9", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049"], "modified": "2020-11-19T08:00:00", "id": "MSRC:452B42E4ACDA83C55869411B3D90A2B6", "href": "/blog/2020/11/20201120_cve-2020-17049/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T22:23:51", "description": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler service. By creating a directory junction, an attacker can abuse the Print Spooler service to delete a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-29T00:00:00", "type": "zdi", "title": "Microsoft Windows Print Spooler Time-Of-Check Time-Of-Use Denial-of-Service Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640"], "modified": "2021-04-29T00:00:00", "id": "ZDI-21-493", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-10T19:41:40", "description": "The version of samba installed on the remote host is prior to 4.16.5-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-213 advisory.\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : samba (ALAS2022-2022-213)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2022-32742", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746"], "modified": "2022-12-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-debuginfo", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:python3-samba", "p-cpe:/a:amazon:linux:python3-samba-dc", "p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-devel", "p-cpe:/a:amazon:linux:python3-samba-test", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-debuginfo", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-client-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-common-tools-debuginfo", "p-cpe:/a:amazon:linux:samba-dc", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-libs", "p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-provision", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-debugsource", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-debuginfo", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-test-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-vfs-iouring", "p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-modules", "p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-213.NASL", "href": "https://www.tenable.com/plugins/nessus/168577", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-213.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/29\");\n\n script_cve_id(\n \"CVE-2020-17049\",\n \"CVE-2022-32742\",\n \"CVE-2022-32744\",\n \"CVE-2022-32745\",\n \"CVE-2022-32746\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0299-S\");\n\n script_name(english:\"Amazon Linux 2022 : samba (ALAS2022-2022-213)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.16.5-0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2022-2022-213 advisory.\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client\n had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or\n printer) instead of client-supplied data. The client cannot control the area of the server memory written\n to the file (or printer). (CVE-2022-32742)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By\n encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling\n full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP\n add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP\n message values freed by a preceding database module, resulting in a use-after-free issue. This issue is\n only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-17049.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32744.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32745.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32746.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17049\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-provision\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ctdb-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.16.5-0.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-provision-4.16.5-0.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.16.5-0.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.5-0.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / libsmbclient / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:38:35", "description": "The version of samba installed on the remote host is prior to 4.10.16-20.62. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1642 advisory.\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-10T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : samba (ALAS-2022-1642)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2022-32742", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746"], "modified": "2022-12-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-tests", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-python", "p-cpe:/a:amazon:linux:samba-python-test", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-modules", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1642.NASL", "href": "https://www.tenable.com/plugins/nessus/168596", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1642.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168596);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/29\");\n\n script_cve_id(\n \"CVE-2020-17049\",\n \"CVE-2022-32742\",\n \"CVE-2022-32744\",\n \"CVE-2022-32745\",\n \"CVE-2022-32746\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0299-S\");\n\n script_name(english:\"Amazon Linux AMI : samba (ALAS-2022-1642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.10.16-20.62. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1642 advisory.\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client\n had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or\n printer) instead of client-supplied data. The client cannot control the area of the server memory written\n to the file (or printer). (CVE-2022-32742)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By\n encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling\n full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP\n add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP\n message values freed by a preceding database module, resulting in a use-after-free issue. This issue is\n only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1642.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-17049.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32744.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32745.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32746.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17049\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ctdb-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-20.62.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-20.62.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-20.62.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-20.62.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-tests / libsmbclient / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:45:52", "description": "The remote Windows host is missing security update 5000856 or cumulative update 5000844. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000856: Windows Server 2008 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000844.NASL", "href": "https://www.tenable.com/plugins/nessus/147217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147217);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000844\");\n script_xref(name:\"MSKB\", value:\"5000856\");\n script_xref(name:\"MSFT\", value:\"MS21-5000844\");\n script_xref(name:\"MSFT\", value:\"MS21-5000856\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000856: Windows Server 2008 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000856\nor cumulative update 5000844. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000844-monthly-rollup-d90d0eb1-6319-4a7e-97f6-68fbd306fd5a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?177a5bc6\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000856-security-only-update-7a0eb0b9-7f1c-44e5-ba3f-4f6e5e92b33e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22792d68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000856 or Cumulative Update KB5000844.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000844',\n '5000856'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000844, 5000856])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:53:47", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586808: Windows Server 2012 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586834.NASL", "href": "https://www.tenable.com/plugins/nessus/142687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142687);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17029\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586808\");\n script_xref(name:\"MSKB\", value:\"4586834\");\n script_xref(name:\"MSFT\", value:\"MS20-4586808\");\n script_xref(name:\"MSFT\", value:\"MS20-4586834\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n\n script_name(english:\"KB4586808: Windows Server 2012 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586808/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0d6d9b2\");\n # https://support.microsoft.com/en-us/help/4586834/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82b0555c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586808 or Cumulative Update KB4586834.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586808', '4586834');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586808, 4586834])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:35", "description": "The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866, CVE-2021-26868, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26885, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26881)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000807: Windows 10 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000807.NASL", "href": "https://www.tenable.com/plugins/nessus/147230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147230);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000807\");\n script_xref(name:\"MSFT\", value:\"MS21-5000807\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000807: Windows 10 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000807.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26871, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26885, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26881)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000807-os-build-10240-18874-09c57376-4108-4d34-bc89-3d4baec37ade\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcda9069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000807.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000807'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000807])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:31", "description": "The remote Windows host is missing security update 5000851 or cumulative update 5000841. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000841.NASL", "href": "https://www.tenable.com/plugins/nessus/147231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147231);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000841\");\n script_xref(name:\"MSKB\", value:\"5000851\");\n script_xref(name:\"MSFT\", value:\"MS21-5000841\");\n script_xref(name:\"MSFT\", value:\"MS21-5000851\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000851\nor cumulative update 5000841. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26882, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26896,\n CVE-2021-27063)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000851-security-only-update-9e198918-a6d6-46d3-8cfb-bd2b1e2ecb99\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cce9359\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000841-monthly-rollup-3a2cced1-f436-40c3-a8a1-645f86759088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c5851d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000851 or Cumulative Update KB5000841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000841',\n '5000851'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000841, 5000851])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:14", "description": "The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000840: Windows Server 2012 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000847.NASL", "href": "https://www.tenable.com/plugins/nessus/147221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147221);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\"\n );\n script_xref(name:\"MSKB\", value:\"5000847\");\n script_xref(name:\"MSKB\", value:\"5000840\");\n script_xref(name:\"MSFT\", value:\"MS21-5000847\");\n script_xref(name:\"MSFT\", value:\"MS21-5000840\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000840: Windows Server 2012 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000840\nor cumulative update 5000847. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26886,\n CVE-2021-26896, CVE-2021-27063)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000847-monthly-rollup-8afa2933-e9da-4481-a0bc-18deb314974e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df958afd\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000840-security-only-update-a5261347-8a42-4727-a544-bd66fb3d4d70\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2561ac2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000840 or Cumulative Update KB5000847.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000847',\n '5000840'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000847, 5000840])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:31", "description": "The remote Windows host is missing security update 5000853 or cumulative update 5000848. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000848.NASL", "href": "https://www.tenable.com/plugins/nessus/147229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147229);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000848\");\n script_xref(name:\"MSKB\", value:\"5000853\");\n script_xref(name:\"MSFT\", value:\"MS21-5000848\");\n script_xref(name:\"MSFT\", value:\"MS21-5000853\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000853: Windows 8.1 and Windows Server 2012 R2 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000853\nor cumulative update 5000848. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26882, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000853-security-only-update-8dac9fb9-dbc9-4484-8e56-df5492d20808\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be16b68e\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000848-monthly-rollup-52f23db9-e1b0-4829-81b9-198fc82891a3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ff1e9b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5000853 or Cumulative Update KB5000848.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000848',\n '5000853'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000848, 5000853])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:52:43", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586845.NASL", "href": "https://www.tenable.com/plugins/nessus/142686", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142686);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586823\");\n script_xref(name:\"MSKB\", value:\"4586845\");\n script_xref(name:\"MSFT\", value:\"MS20-4586823\");\n script_xref(name:\"MSFT\", value:\"MS20-4586845\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586823/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586845/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586823 or Cumulative Update KB4586845.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586823', '4586845');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586823, 4586845])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:17", "description": "The remote Windows host is missing security update 5000803.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000803: Windows Security Update (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000803.NASL", "href": "https://www.tenable.com/plugins/nessus/147222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147222);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\"\n );\n script_xref(name:\"MSKB\", value:\"5000803\");\n script_xref(name:\"MSFT\", value:\"MS21-5000803\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000803: Windows Security Update (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000803.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-26862, CVE-2021-26864,\n CVE-2021-26865, CVE-2021-26866, CVE-2021-26868,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26891, CVE-2021-26898, CVE-2021-26899,\n CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26877, CVE-2021-26881, CVE-2021-26893,\n CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000803-os-build-14393-4283-711d10dd-adcb-490b-a640-aaa25009cfed\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41f8ea83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000803.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000803'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000803])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:14", "description": "The remote Windows host is missing security update 5000809.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26862, CVE-2021-26863, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000809: Windows 10 Version 1803 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000809.NASL", "href": "https://www.tenable.com/plugins/nessus/147224", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147224);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000809\");\n script_xref(name:\"MSFT\", value:\"MS21-5000809\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000809: Windows 10 Version 1803 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000809.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,\n CVE-2021-26862, CVE-2021-26863, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26870, CVE-2021-26871,\n CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26885, CVE-2021-26889, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000809-os-build-17134-2087-2601a686-8e12-449d-913c-a63a9b73e2eb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ef7d4b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000809.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27085\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000809'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000809])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:51", "description": "The remote Windows host is missing security update 5000802.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27070, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26867, CVE-2021-26876, CVE-2021-26881, CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000802: Windows Security Update (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-27070", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000802.NASL", "href": "https://www.tenable.com/plugins/nessus/147226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147226);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24090\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26867\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26900\",\n \"CVE-2021-26901\",\n \"CVE-2021-27070\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000802\");\n script_xref(name:\"MSFT\", value:\"MS21-5000802\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000802: Windows Security Update (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000802.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,\n CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,\n CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,\n CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,\n CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,\n CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,\n CVE-2021-27070, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000802-os-builds-19041-867-and-19042-867-63552d64-fe44-4132-8813-ef56d3626e14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8437e591\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000802.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27070\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000802'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n|| \n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000802])\n\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:39:51", "description": "The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26871, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26885, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26900, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26867, CVE-2021-26876, CVE-2021-26881, CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000808: Windows 10 Version 1909 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000808.NASL", "href": "https://www.tenable.com/plugins/nessus/147220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147220);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24090\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26867\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26871\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26885\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26900\",\n \"CVE-2021-26901\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000808\");\n script_xref(name:\"MSFT\", value:\"MS21-5000808\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000808: Windows 10 Version 1909 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000808.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,\n CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,\n CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,\n CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,\n CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,\n CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,\n CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,\n CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000808-os-build-18363-1440-6989940a-252d-48f3-a2a7-a42bf19fa2c8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8c6d108\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000808.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-24090\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26881\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-03';\nkbs = make_list(\n '5000808'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000808])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:53:10", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586793.NASL", "href": "https://www.tenable.com/plugins/nessus/142693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142693);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\"\n );\n script_xref(name:\"MSKB\", value:\"4586793\");\n script_xref(name:\"MSFT\", value:\"MS20-4586793\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586793/windows-10-update-kb4586793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92d059c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586793.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:53:07", "description": "The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586830.NASL", "href": "https://www.tenable.com/plugins/nessus/142690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142690);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586830\");\n script_xref(name:\"MSFT\", value:\"MS20-4586830\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0135\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.microsoft.com/en-us/help/4586830/windows-10-update-kb4586830\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8c32243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586830.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586830');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586830])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:40:16", "description": "The remote Windows host is missing security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26860, CVE-2021-26862, CVE-2021-26863, CVE-2021-26864, CVE-2021-26865, CVE-2021-26866, CVE-2021-26868, CVE-2021-26870, CVE-2021-26872, CVE-2021-26873, CVE-2021-26874, CVE-2021-26875, CVE-2021-26878, CVE-2021-26880, CVE-2021-26882, CVE-2021-26889, CVE-2021-26891, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869, CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26876, CVE-2021-26877, CVE-2021-26881, CVE-2021-26890, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26879, CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-26892)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26886", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077", "CVE-2021-27085"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_MAR_5000822.NASL", "href": "https://www.tenable.com/plugins/nessus/147223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147223);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-1640\",\n \"CVE-2021-1729\",\n \"CVE-2021-24095\",\n \"CVE-2021-24107\",\n \"CVE-2021-26411\",\n \"CVE-2021-26860\",\n \"CVE-2021-26861\",\n \"CVE-2021-26862\",\n \"CVE-2021-26863\",\n \"CVE-2021-26864\",\n \"CVE-2021-26865\",\n \"CVE-2021-26866\",\n \"CVE-2021-26868\",\n \"CVE-2021-26869\",\n \"CVE-2021-26870\",\n \"CVE-2021-26872\",\n \"CVE-2021-26873\",\n \"CVE-2021-26874\",\n \"CVE-2021-26875\",\n \"CVE-2021-26876\",\n \"CVE-2021-26877\",\n \"CVE-2021-26878\",\n \"CVE-2021-26879\",\n \"CVE-2021-26880\",\n \"CVE-2021-26881\",\n \"CVE-2021-26882\",\n \"CVE-2021-26884\",\n \"CVE-2021-26886\",\n \"CVE-2021-26889\",\n \"CVE-2021-26890\",\n \"CVE-2021-26891\",\n \"CVE-2021-26892\",\n \"CVE-2021-26893\",\n \"CVE-2021-26894\",\n \"CVE-2021-26895\",\n \"CVE-2021-26896\",\n \"CVE-2021-26897\",\n \"CVE-2021-26898\",\n \"CVE-2021-26899\",\n \"CVE-2021-26901\",\n \"CVE-2021-27063\",\n \"CVE-2021-27077\",\n \"CVE-2021-27085\"\n );\n script_xref(name:\"MSKB\", value:\"5000822\");\n script_xref(name:\"MSFT\", value:\"MS21-5000822\");\n script_xref(name:\"IAVA\", value:\"2021-A-0129-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0130-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0134-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0131-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0015\");\n\n script_name(english:\"KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5000822.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,\n CVE-2021-26860, CVE-2021-26862, CVE-2021-26863,\n CVE-2021-26864, CVE-2021-26865, CVE-2021-26866,\n CVE-2021-26868, CVE-2021-26870, CVE-2021-26872,\n CVE-2021-26873, CVE-2021-26874, CVE-2021-26875,\n CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,\n CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,\n CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-24107, CVE-2021-26869,\n CVE-2021-26884)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26411)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26861,\n CVE-2021-26876, CVE-2021-26877, CVE-2021-26881,\n CVE-2021-26890, CVE-2021-26893, CVE-2021-26894,\n CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-26879,\n CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-26892)\");\n # https://support.microsoft.com/en-us/topic/march-9-2021-kb5000822-os-build-17763-1817-2eb6197f-e3b1-4f42-ab51-84345e063564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b432623\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5000822.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-03';\nvar kbs = make_list(\n '5000822'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'03_2021',\n bulletin:bulletin,\n rollup_kb_list:[5000822])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2023-02-08T17:07:37", "description": "**Issue Overview:**\n\nIt was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user. (CVE-2020-17049)\n\nA flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)\n\nA flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)\n\nA flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\nA flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\n \n**Affected Packages:** \n\n\nsamba\n\n \n**Issue Correction:** \nRun _yum update samba_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 samba-devel-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-common-libs-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 libwbclient-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-winbind-clients-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-python-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-debuginfo-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-client-libs-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-test-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 libsmbclient-devel-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-winbind-modules-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-winbind-krb5-locator-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 ctdb-tests-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-python-test-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-common-tools-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 libwbclient-devel-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-libs-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-test-libs-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 ctdb-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 libsmbclient-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-krb5-printing-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-winbind-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-4.10.16-20.62.amzn1.i686 \n \u00a0\u00a0\u00a0 samba-client-4.10.16-20.62.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 samba-pidl-4.10.16-20.62.amzn1.noarch \n \u00a0\u00a0\u00a0 samba-common-4.10.16-20.62.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 samba-4.10.16-20.62.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libsmbclient-devel-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-test-libs-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libwbclient-devel-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-python-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ctdb-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libwbclient-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-client-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-krb5-printing-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-winbind-modules-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-winbind-krb5-locator-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-devel-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-winbind-clients-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ctdb-tests-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-python-test-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-libs-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-test-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-common-tools-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-winbind-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-debuginfo-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libsmbclient-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-common-libs-4.10.16-20.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 samba-client-libs-4.10.16-20.62.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-17049](<https://access.redhat.com/security/cve/CVE-2020-17049>), [CVE-2022-32742](<https://access.redhat.com/security/cve/CVE-2022-32742>), [CVE-2022-32744](<https://access.redhat.com/security/cve/CVE-2022-32744>), [CVE-2022-32745](<https://access.redhat.com/security/cve/CVE-2022-32745>), [CVE-2022-32746](<https://access.redhat.com/security/cve/CVE-2022-32746>)\n\nMitre: [CVE-2020-17049](<https://vulners.com/cve/CVE-2020-17049>), [CVE-2022-32742](<https://vulners.com/cve/CVE-2022-32742>), [CVE-2022-32744](<https://vulners.com/cve/CVE-2022-32744>), [CVE-2022-32745](<https://vulners.com/cve/CVE-2022-32745>), [CVE-2022-32746](<https://vulners.com/cve/CVE-2022-32746>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-01T17:33:00", "type": "amazon", "title": "Important: samba", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17049", "CVE-2022-32742", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746"], "modified": "2022-12-10T00:46:00", "id": "ALAS-2022-1642", "href": "https://alas.aws.amazon.com/ALAS-2022-1642.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-06T19:34:23", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for samba and ldb fixes the following issues:\n\n - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator\n tickets to other servers (bsc#1192246).\n - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).\n - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we\n require kerberos (bsc#1014440).\n - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a\n user could become root on domain members (bsc#1192284).\n - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given\n (bsc#1192247).\n - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level\n bug for AD DC validation issues) (bsc#1192283).\n - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments\n against the first auth_state (bsc#1192214).\n - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values\n (bsc#1192505).\n\n Samba was updated to 4.13.13\n\n * rodc_rwdc test flaps;(bso#14868).\n * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).\n * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit'\n S4U2Proxy Constrained Delegation bypass in Samba with embedded\n Heimdal;(bso#14642).\n * Python ldb.msg_diff() memory handling failure;(bso#14836).\n * \"in\" operator on ldb.Message is case sensitive;(bso#14845).\n * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).\n * Allow special chars like \"@\" in samAccountName when generating the\n salt;(bso#14874).\n * Fix transit path validation;(bso#12998).\n * Prepare to operate with MIT krb5 >= 1.20;(bso#14870).\n * rpcclient NetFileEnum and net rpc file both cause lock order violation:\n brlock.tdb, share_entries.tdb;(bso#14645).\n * Python ldb.msg_diff() memory handling failure;(bso#14836).\n * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).\n\n Samba was updated to 4.13.12:\n\n * Address a signifcant performance regression in database access in the AD\n DC since Samba 4.12;(bso#14806).\n * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba\n 4.9 by using an explicit database handle cache; (bso#14807).\n * An unuthenticated user can crash the AD DC KDC by omitting the server\n name in a TGS-REQ;(bso#14817).\n * Address flapping samba_tool_drs_showrepl test;(bso#14818).\n * Address flapping dsdb_schema_attributes test;(bso#14819).\n * An unuthenticated user can crash the AD DC KDC by omitting the server\n name in a TGS-REQ;(bso#14817).\n * Fix CTDB flag/status update race conditions(bso#14784).\n\n Samba was updated to 4.13.11:\n\n * smbd: panic on force-close share during offload write; (bso#14769).\n * Fix returned attributes on fake quota file handle and avoid hitting the\n VFS;(bso#14731).\n * smbd: \"deadtime\" parameter doesn't work anymore;(bso#14783).\n * net conf list crashes when run as normal user;(bso#14787).\n * Work around special SMB2 READ response behavior of NetApp Ontap\n 7.3.7;(bso#14607).\n * Start the SMB encryption as soon as possible;(bso#14793).\n * Winbind should not start if the socket path for the privileged pipe is\n too long;(bso#14792).\n\n ldb was updated to 2.2.2:\n\n + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets\n to other servers; (bsc#1192246); (bso#14558)\n + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)\n\n Release ldb 2.2.2\n\n + Corrected python behaviour for 'in' for LDAP attributes contained as\n part of ldb.Message;(bso#14845).\n + Fix memory handling in ldb.msg_diff Corrected python\n docstrings;(bso#14836)\n + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3647=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T00:00:00", "type": "suse", "title": "Security update for samba and ldb (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-17049", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-10T00:00:00", "id": "OPENSUSE-SU-2021:3647-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36K5HNX67LYX5XOVQRL3MSIC5YSJ5M5W/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:49:32", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>) \n[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>) \n[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>) \n[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>) \n[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>) \n[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>) \n[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>) \n[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>) \n[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>) \n[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>) \n[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>) \n[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>) \n[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>) \n[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>) \n[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>) \n[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>) \n[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>) \n[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>) \n[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>) \n[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>) \n[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-17043](<https://vulners.com/cve/CVE-2020-17043>)6.8High \n[CVE-2020-17069](<https://vulners.com/cve/CVE-2020-17069>)2.1Warning \n[CVE-2020-17087](<https://vulners.com/cve/CVE-2020-17087>)7.2High \n[CVE-2020-17088](<https://vulners.com/cve/CVE-2020-17088>)4.6Warning \n[CVE-2020-17045](<https://vulners.com/cve/CVE-2020-17045>)4.9Warning \n[CVE-2020-17047](<https://vulners.com/cve/CVE-2020-17047>)7.8Critical \n[CVE-2020-17042](<https://vulners.com/cve/CVE-2020-17042>)9.3Critical \n[CVE-2020-1599](<https://vulners.com/cve/CVE-2020-1599>)2.1Warning \n[CVE-2020-17044](<https://vulners.com/cve/CVE-2020-17044>)6.8High \n[CVE-2020-16997](<https://vulners.com/cve/CVE-2020-16997>)4.0Warning \n[CVE-2020-17014](<https://vulners.com/cve/CVE-2020-17014>)6.6High \n[CVE-2020-17038](<https://vulners.com/cve/CVE-2020-17038>)7.2High \n[CVE-2020-17011](<https://vulners.com/cve/CVE-2020-17011>)7.2High \n[CVE-2020-17029](<https://vulners.com/cve/CVE-2020-17029>)4.9Warning \n[CVE-2020-17000](<https://vulners.com/cve/CVE-2020-17000>)2.1Warning \n[CVE-2020-17001](<https://vulners.com/cve/CVE-2020-17001>)4.6Warning \n[CVE-2020-17068](<https://vulners.com/cve/CVE-2020-17068>)7.2High \n[CVE-2020-17036](<https://vulners.com/cve/CVE-2020-17036>)4.9Warning \n[CVE-2020-17004](<https://vulners.com/cve/CVE-2020-17004>)2.1Warning \n[CVE-2020-17049](<https://vulners.com/cve/CVE-2020-17049>)9.0Critical\n\n### *KB list*:\n[4586827](<http://support.microsoft.com/kb/4586827>) \n[4586817](<http://support.microsoft.com/kb/4586817>) \n[4586805](<http://support.microsoft.com/kb/4586805>) \n[4586807](<http://support.microsoft.com/kb/4586807>) \n[5004289](<http://support.microsoft.com/kb/5004289>) \n[5004307](<http://support.microsoft.com/kb/5004307>) \n[5004299](<http://support.microsoft.com/kb/5004299>) \n[5004305](<http://support.microsoft.com/kb/5004305>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-01-18T00:00:00", "id": "KLA12003", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12003/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:47:35", "description": "### *Detect date*:\n03/09/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nInternet Explorer 9 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-26411](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411>) \n[CVE-2021-26899](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26899>) \n[CVE-2021-26875](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26875>) \n[CVE-2021-27063](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27063>) \n[CVE-2021-26895](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26895>) \n[CVE-2021-24107](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24107>) \n[CVE-2021-26878](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26878>) \n[CVE-2021-27077](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077>) \n[CVE-2021-26894](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26894>) \n[CVE-2021-26898](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26898>) \n[CVE-2021-26893](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26893>) \n[CVE-2021-26896](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26896>) \n[CVE-2021-26869](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26869>) \n[CVE-2021-26877](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26877>) \n[CVE-2021-1640](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1640>) \n[CVE-2021-26897](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897>) \n[CVE-2021-26872](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26872>) \n[CVE-2021-26861](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26861>) \n[CVE-2021-26901](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26901>) \n[CVE-2021-26881](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26881>) \n[CVE-2021-26882](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26882>) \n[CVE-2021-26862](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26862>) \n[CVE-2021-26873](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26873>) \n[CVE-2021-26887](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2021-26411](<https://vulners.com/cve/CVE-2021-26411>)5.1High \n[CVE-2021-26899](<https://vulners.com/cve/CVE-2021-26899>)7.2High \n[CVE-2021-26875](<https://vulners.com/cve/CVE-2021-26875>)4.6Warning \n[CVE-2021-27063](<https://vulners.com/cve/CVE-2021-27063>)5.0Critical \n[CVE-2021-24107](<https://vulners.com/cve/CVE-2021-24107>)2.1Warning \n[CVE-2021-26887](<https://vulners.com/cve/CVE-2021-26887>)4.6Warning \n[CVE-2021-26878](<https://vulners.com/cve/CVE-2021-26878>)4.6Warning \n[CVE-2021-27077](<https://vulners.com/cve/CVE-2021-27077>)4.6Warning \n[CVE-2021-26898](<https://vulners.com/cve/CVE-2021-26898>)7.2High \n[CVE-2021-26893](<https://vulners.com/cve/CVE-2021-26893>)7.5Critical \n[CVE-2021-26896](<https://vulners.com/cve/CVE-2021-26896>)5.0Critical \n[CVE-2021-26869](<https://vulners.com/cve/CVE-2021-26869>)2.1Warning \n[CVE-2021-26877](<https://vulners.com/cve/CVE-2021-26877>)7.5Critical \n[CVE-2021-1640](<https://vulners.com/cve/CVE-2021-1640>)4.6Warning \n[CVE-2021-26872](<https://vulners.com/cve/CVE-2021-26872>)4.6Warning \n[CVE-2021-26861](<https://vulners.com/cve/CVE-2021-26861>)6.8High \n[CVE-2021-26901](<https://vulners.com/cve/CVE-2021-26901>)7.2High \n[CVE-2021-26881](<https://vulners.com/cve/CVE-2021-26881>)6.5High \n[CVE-2021-26882](<https://vulners.com/cve/CVE-2021-26882>)4.6Warning \n[CVE-2021-26862](<https://vulners.com/cve/CVE-2021-26862>)7.2High \n[CVE-2021-26873](<https://vulners.com/cve/CVE-2021-26873>)4.6Warning\n\n### *KB list*:\n[5000800](<http://support.microsoft.com/kb/5000800>) \n[5000841](<http://support.microsoft.com/kb/5000841>) \n[5000851](<http://support.microsoft.com/kb/5000851>) \n[5000856](<http://support.microsoft.com/kb/5000856>) \n[5000844](<http://support.microsoft.com/kb/5000844>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "kaspersky", "title": "KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-24107", "CVE-2021-26411", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26869", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26875", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26887", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26901", "CVE-2021-27063", "CVE-2021-27077"], "modified": "2022-09-14T00:00:00", "id": "KLA12112", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12112/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:47:36", "description": "### *Detect date*:\n03/09/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 \nWindows Server, version 1909 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 2004 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Admin Center \nWindows 10 Version 20H2 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2016 \nWindows 10 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2012 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-26899](<https://nvd.nist.gov/vuln/detail/CVE-2021-26899>) \n[CVE-2021-26876](<https://nvd.nist.gov/vuln/detail/CVE-2021-26876>) \n[CVE-2021-1729](<https://nvd.nist.gov/vuln/detail/CVE-2021-1729>) \n[CVE-2021-26875](<https://nvd.nist.gov/vuln/detail/CVE-2021-26875>) \n[CVE-2021-27048](<https://nvd.nist.gov/vuln/detail/CVE-2021-27048>) \n[CVE-2021-26866](<https://nvd.nist.gov/vuln/detail/CVE-2021-26866>) \n[CVE-2021-26902](<https://nvd.nist.gov/vuln/detail/CVE-2021-26902>) \n[CVE-2021-26886](<https://nvd.nist.gov/vuln/detail/CVE-2021-26886>) \n[CVE-2021-27066](<https://nvd.nist.gov/vuln/detail/CVE-2021-27066>) \n[CVE-2021-27063](<https://nvd.nist.gov/vuln/detail/CVE-2021-27063>) \n[CVE-2021-27050](<https://nvd.nist.gov/vuln/detail/CVE-2021-27050>) \n[CVE-2021-26889](<https://nvd.nist.gov/vuln/detail/CVE-2021-26889>) \n[CVE-2021-26890](<https://nvd.nist.gov/vuln/detail/CVE-2021-26890>) \n[CVE-2021-26895](<https://nvd.nist.gov/vuln/detail/CVE-2021-26895>) \n[CVE-2021-26885](<https://nvd.nist.gov/vuln/detail/CVE-2021-26885>) \n[CVE-2021-24107](<https://nvd.nist.gov/vuln/detail/CVE-2021-24107>) \n[CVE-2021-26892](<https://nvd.nist.gov/vuln/detail/CVE-2021-26892>) \n[CVE-2021-24090](<https://nvd.nist.gov/vuln/detail/CVE-2021-24090>) \n[CVE-2021-24110](<https://nvd.nist.gov/vuln/detail/CVE-2021-24110>) \n[CVE-2021-24095](<https://nvd.nist.gov/vuln/detail/CVE-2021-24095>) \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-26887>) \n[CVE-2021-24089](<https://nvd.nist.gov/vuln/detail/CVE-2021-24089>) \n[CVE-2021-26878](<https://nvd.nist.gov/vuln/detail/CVE-2021-26878>) \n[CVE-2021-27077](<https://nvd.nist.gov/vuln/detail/CVE-2021-27077>) \n[CVE-2021-26894](<https://nvd.nist.gov/vuln/detail/CVE-2021-26894>) \n[CVE-2021-26884](<https://nvd.nist.gov/vuln/detail/CVE-2021-26884>) \n[CVE-2021-26898](<https://nvd.nist.gov/vuln/detail/CVE-2021-26898>) \n[CVE-2021-26864](<https://nvd.nist.gov/vuln/detail/CVE-2021-26864>) \n[CVE-2021-27061](<https://nvd.nist.gov/vuln/detail/CVE-2021-27061>) \n[CVE-2021-26865](<https://nvd.nist.gov/vuln/detail/CVE-2021-26865>) \n[CVE-2021-26891](<https://nvd.nist.gov/vuln/detail/CVE-2021-26891>) \n[CVE-2021-26893](<https://nvd.nist.gov/vuln/detail/CVE-2021-26893>) \n[CVE-2021-26896](<https://nvd.nist.gov/vuln/detail/CVE-2021-26896>) \n[CVE-2021-26867](<https://nvd.nist.gov/vuln/detail/CVE-2021-26867>) \n[CVE-2021-27049](<https://nvd.nist.gov/vuln/detail/CVE-2021-27049>) \n[CVE-2021-27070](<https://nvd.nist.gov/vuln/detail/CVE-2021-27070>) \n[CVE-2021-26869](<https://nvd.nist.gov/vuln/detail/CVE-2021-26869>) \n[CVE-2021-26868](<https://nvd.nist.gov/vuln/detail/CVE-2021-26868>) \n[CVE-2021-26877](<https://nvd.nist.gov/vuln/detail/CVE-2021-26877>) \n[CVE-2021-1640](<https://nvd.nist.gov/vuln/detail/CVE-2021-1640>) \n[CVE-2021-27062](<https://nvd.nist.gov/vuln/detail/CVE-2021-27062>) \n[CVE-2021-26880](<https://nvd.nist.gov/vuln/detail/CVE-2021-26880>) \n[CVE-2021-26879](<https://nvd.nist.gov/vuln/detail/CVE-2021-26879>) \n[CVE-2021-26870](<https://nvd.nist.gov/vuln/detail/CVE-2021-26870>) \n[CVE-2021-26897](<https://nvd.nist.gov/vuln/detail/CVE-2021-26897>) \n[CVE-2021-26872](<https://nvd.nist.gov/vuln/detail/CVE-2021-26872>) \n[CVE-2021-26861](<https://nvd.nist.gov/vuln/detail/CVE-2021-26861>) \n[CVE-2021-26901](<https://nvd.nist.gov/vuln/detail/CVE-2021-26901>) \n[CVE-2021-27047](<https://nvd.nist.gov/vuln/detail/CVE-2021-27047>) \n[CVE-2021-26881](<https://nvd.nist.gov/vuln/detail/CVE-2021-26881>) \n[CVE-2021-26900](<https://nvd.nist.gov/vuln/detail/CVE-2021-26900>) \n[CVE-2021-27051](<https://nvd.nist.gov/vuln/detail/CVE-2021-27051>) \n[CVE-2021-26882](<https://nvd.nist.gov/vuln/detail/CVE-2021-26882>) \n[CVE-2021-26871](<https://nvd.nist.gov/vuln/detail/CVE-2021-26871>) \n[CVE-2021-26860](<https://nvd.nist.gov/vuln/detail/CVE-2021-26860>) \n[CVE-2021-26863](<https://nvd.nist.gov/vuln/detail/CVE-2021-26863>) \n[CVE-2021-26862](<https://nvd.nist.gov/vuln/detail/CVE-2021-26862>) \n[CVE-2021-26874](<https://nvd.nist.gov/vuln/detail/CVE-2021-26874>) \n[CVE-2021-26873](<https://nvd.nist.gov/vuln/detail/CVE-2021-26873>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-26899](<https://vulners.com/cve/CVE-2021-26899>)7.2High \n[CVE-2021-26876](<https://vulners.com/cve/CVE-2021-26876>)6.8High \n[CVE-2021-1729](<https://vulners.com/cve/CVE-2021-1729>)7.2High \n[CVE-2021-26875](<https://vulners.com/cve/CVE-2021-26875>)4.6Warning \n[CVE-2021-27048](<https://vulners.com/cve/CVE-2021-27048>)6.8High \n[CVE-2021-26866](<https://vulners.com/cve/CVE-2021-26866>)3.6Warning \n[CVE-2021-26902](<https://vulners.com/cve/CVE-2021-26902>)6.8High \n[CVE-2021-26886](<https://vulners.com/cve/CVE-2021-26886>)3.6Warning \n[CVE-2021-27066](<https://vulners.com/cve/CVE-2021-27066>)4.0Warning \n[CVE-2021-27063](<https://vulners.com/cve/CVE-2021-27063>)5.0Critical \n[CVE-2021-27050](<https://vulners.com/cve/CVE-2021-27050>)6.8High \n[CVE-2021-26889](<https://vulners.com/cve/CVE-2021-26889>)4.6Warning \n[CVE-2021-26890](<https://vulners.com/cve/CVE-2021-26890>)4.6Warning \n[CVE-2021-26885](<https://vulners.com/cve/CVE-2021-26885>)4.6Warning \n[CVE-2021-24107](<https://vulners.com/cve/CVE-2021-24107>)2.1Warning \n[CVE-2021-26892](<https://vulners.com/cve/CVE-2021-26892>)2.1Warning \n[CVE-2021-24090](<https://vulners.com/cve/CVE-2021-24090>)9.3Critical \n[CVE-2021-24110](<https://vulners.com/cve/CVE-2021-24110>)6.8High \n[CVE-2021-24095](<https://vulners.com/cve/CVE-2021-24095>)4.6Warning \n[CVE-2021-26887](<https://vulners.com/cve/CVE-2021-26887>)4.6Warning \n[CVE-2021-24089](<https://vulners.com/cve/CVE-2021-24089>)6.8High \n[CVE-2021-26878](<https://vulners.com/cve/CVE-2021-26878>)4.6Warning \n[CVE-2021-27077](<https://vulners.com/cve/CVE-2021-27077>)4.6Warning \n[CVE-2021-26884](<https://vulners.com/cve/CVE-2021-26884>)2.1Warning \n[CVE-2021-26898](<https://vulners.com/cve/CVE-2021-26898>)7.2High \n[CVE-2021-26864](<https://vulners.com/cve/CVE-2021-26864>)4.6Warning \n[CVE-2021-27061](<https://vulners.com/cve/CVE-2021-27061>)6.8High \n[CVE-2021-26865](<https://vulners.com/cve/CVE-2021-26865>)4.6Warning \n[CVE-2021-26891](<https://vulners.com/cve/CVE-2021-26891>)4.6Warning \n[CVE-2021-26893](<https://vulners.com/cve/CVE-2021-26893>)7.5Critical \n[CVE-2021-26896](<https://vulners.com/cve/CVE-2021-26896>)5.0Critical \n[CVE-2021-26867](<https://vulners.com/cve/CVE-2021-26867>)7.2High \n[CVE-2021-27049](<https://vulners.com/cve/CVE-2021-27049>)6.8High \n[CVE-2021-27070](<https://vulners.com/cve/CVE-2021-27070>)9.3Critical \n[CVE-2021-26869](<https://vulners.com/cve/CVE-2021-26869>)2.1Warning \n[CVE-2021-26868](<https://vulners.com/cve/CVE-2021-26868>)4.6Warning \n[CVE-2021-26877](<https://vulners.com/cve/CVE-2021-26877>)7.5Critical \n[CVE-2021-1640](<https://vulners.com/cve/CVE-2021-1640>)4.6Warning \n[CVE-2021-27062](<https://vulners.com/cve/CVE-2021-27062>)6.8High \n[CVE-2021-26880](<https://vulners.com/cve/CVE-2021-26880>)4.6Warning \n[CVE-2021-26879](<https://vulners.com/cve/CVE-2021-26879>)5.0Critical \n[CVE-2021-26870](<https://vulners.com/cve/CVE-2021-26870>)4.6Warning \n[CVE-2021-26872](<https://vulners.com/cve/CVE-2021-26872>)4.6Warning \n[CVE-2021-26861](<https://vulners.com/cve/CVE-2021-26861>)6.8High \n[CVE-2021-26901](<https://vulners.com/cve/CVE-2021-26901>)7.2High \n[CVE-2021-27047](<https://vulners.com/cve/CVE-2021-27047>)6.8High \n[CVE-2021-26881](<https://vulners.com/cve/CVE-2021-26881>)6.5High \n[CVE-2021-26900](<https://vulners.com/cve/CVE-2021-26900>)7.2High \n[CVE-2021-27051](<https://vulners.com/cve/CVE-2021-27051>)6.8High \n[CVE-2021-26882](<https://vulners.com/cve/CVE-2021-26882>)4.6Warning \n[CVE-2021-26871](<https://vulners.com/cve/CVE-2021-26871>)4.6Warning \n[CVE-2021-26860](<https://vulners.com/cve/CVE-2021-26860>)4.6Warning \n[CVE-2021-26863](<https://vulners.com/cve/CVE-2021-26863>)7.2High \n[CVE-2021-26862](<https://vulners.com/cve/CVE-2021-26862>)7.2High \n[CVE-2021-26874](<https://vulners.com/cve/CVE-2021-26874>)4.6Warning \n[CVE-2021-26873](<https://vulners.com/cve/CVE-2021-26873>)4.6Warning\n\n### *KB list*:\n[5000809](<http://support.microsoft.com/kb/5000809>) \n[5000822](<http://support.microsoft.com/kb/5000822>) \n[5000847](<http://support.microsoft.com/kb/5000847>) \n[5000808](<http://support.microsoft.com/kb/5000808>) \n[5000803](<http://support.microsoft.com/kb/5000803>) \n[5000807](<http://support.microsoft.com/kb/5000807>) \n[5000848](<http://support.microsoft.com/kb/5000848>) \n[5000802](<http://support.microsoft.com/kb/5000802>) \n[5000853](<http://support.microsoft.com/kb/5000853>) \n[5000840](<http://support.microsoft.com/kb/5000840>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "kaspersky", "title": "KLA12111 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-24110", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27077"], "modified": "2021-06-22T00:00:00", "id": "KLA12111", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12111/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:49:30", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server, version 1903 (Server Core installation) \nRaw Image Extension \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for ARM64-based Systems \nAV1 Video Extension \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows RT 8.1 \nWebP Image Extension \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nHEIF Image Extension \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17081](<https://nvd.nist.gov/vuln/detail/CVE-2020-17081>) \n[CVE-2020-17082](<https://nvd.nist.gov/vuln/detail/CVE-2020-17082>) \n[CVE-2020-17075](<https://nvd.nist.gov/vuln/detail/CVE-2020-17075>) \n[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>) \n[CVE-2020-17086](<https://nvd.nist.gov/vuln/detail/CVE-2020-17086>) \n[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>) \n[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>) \n[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>) \n[CVE-2020-17046](<https://nvd.nist.gov/vuln/detail/CVE-2020-17046>) \n[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>) \n[CVE-2020-17040](<https://nvd.nist.gov/vuln/detail/CVE-2020-17040>) \n[CVE-2020-17041](<https://nvd.nist.gov/vuln/detail/CVE-2020-17041>) \n[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>) \n[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>) \n[CVE-2020-17101](<https://nvd.nist.gov/vuln/detail/CVE-2020-17101>) \n[CVE-2020-17026](<https://nvd.nist.gov/vuln/detail/CVE-2020-17026>) \n[CVE-2020-17102](<https://nvd.nist.gov/vuln/detail/CVE-2020-17102>) \n[CVE-2020-17106](<https://nvd.nist.gov/vuln/detail/CVE-2020-17106>) \n[CVE-2020-17028](<https://nvd.nist.gov/vuln/detail/CVE-2020-17028>) \n[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>) \n[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>) \n[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>) \n[CVE-2020-17024](<https://nvd.nist.gov/vuln/detail/CVE-2020-17024>) \n[CVE-2020-17025](<https://nvd.nist.gov/vuln/detail/CVE-2020-17025>) \n[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>) \n[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>) \n[CVE-2020-17007](<https://nvd.nist.gov/vuln/detail/CVE-2020-17007>) \n[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>) \n[CVE-2020-16999](<https://nvd.nist.gov/vuln/detail/CVE-2020-16999>) \n[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>) \n[CVE-2020-17034](<https://nvd.nist.gov/vuln/detail/CVE-2020-17034>) \n[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>) \n[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>) \n[CVE-2020-17109](<https://nvd.nist.gov/vuln/detail/CVE-2020-17109>) \n[CVE-2020-17033](<https://nvd.nist.gov/vuln/detail/CVE-2020-17033>) \n[CVE-2020-17090](<https://nvd.nist.gov/vuln/detail/CVE-2020-17090>) \n[CVE-2020-17027](<https://nvd.nist.gov/vuln/detail/CVE-2020-17027>) \n[CVE-2020-17030](<https://nvd.nist.gov/vuln/detail/CVE-2020-17030>) \n[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>) \n[CVE-2020-17057](<https://nvd.nist.gov/vuln/detail/CVE-2020-17057>) \n[CVE-2020-17056](<https://nvd.nist.gov/vuln/detail/CVE-2020-17056>) \n[CVE-2020-17055](<https://nvd.nist.gov/vuln/detail/CVE-2020-17055>) \n[CVE-2020-17108](<https://nvd.nist.gov/vuln/detail/CVE-2020-17108>) \n[CVE-2020-17070](<https://nvd.nist.gov/vuln/detail/CVE-2020-17070>) \n[CVE-2020-17073](<https://nvd.nist.gov/vuln/detail/CVE-2020-17073>) \n[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>) \n[CVE-2020-17013](<https://nvd.nist.gov/vuln/detail/CVE-2020-17013>) \n[CVE-2020-17074](<https://nvd.nist.gov/vuln/detail/CVE-2020-17074>) \n[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>) \n[CVE-2020-17010](<https://nvd.nist.gov/vuln/detail/CVE-2020-17010>) \n[CVE-2020-17035](<https://nvd.nist.gov/vuln/detail/CVE-2020-17035>) \n[CVE-2020-17078](<https://nvd.nist.gov/vuln/detail/CVE-2020-17078>) \n[CVE-2020-17037](<https://nvd.nist.gov/vuln/detail/CVE-2020-17037>) \n[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>) \n[CVE-2020-17031](<https://nvd.nist.gov/vuln/detail/CVE-2020-17031>) \n[CVE-2020-16998](<https://nvd.nist.gov/vuln/detail/CVE-2020-16998>) \n[CVE-2020-17076](<https://nvd.nist.gov/vuln/detail/CVE-2020-17076>) \n[CVE-2020-17032](<https://nvd.nist.gov/vuln/detail/CVE-2020-17032>) \n[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>) \n[CVE-2020-17071](<https://nvd.nist.gov/vuln/detail/CVE-2020-17071>) \n[CVE-2020-17113](<https://nvd.nist.gov/vuln/detail/CVE-2020-17113>) \n[CVE-2020-17077](<https://nvd.nist.gov/vuln/detail/CVE-2020-17077>) \n[CVE-2020-17110](<https://nvd.nist.gov/vuln/detail/CVE-2020-17110>) \n[CVE-2020-17107](<https://nvd.nist.gov/vuln/detail/CVE-2020-17107>) \n[CVE-2020-17105](<https://nvd.nist.gov/vuln/detail/CVE-2020-17105>) \n[CVE-2020-17079](<https://nvd.nist.gov/vuln/detail/CVE-2020-17079>) \n[CVE-2020-17012](<https://nvd.nist.gov/vuln/detail/CVE-2020-17012>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server 2012](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/>)\n\n### *CVE-IDS*:\n[CVE-2020-17043](<https://vulners.com/cve/CVE-2020-17043>)6.8High \n[CVE-2020-17069](<https://vulners.com/cve/CVE-2020-17069>)2.1Warning \n[CVE-2020-17087](<https://vulners.com/cve/CVE-2020-17087>)7.2High \n[CVE-2020-17088](<https://vulners.com/cve/CVE-2020-17088>)4.6Warning \n[CVE-2020-17045](<https://vulners.com/cve/CVE-2020-17045>)4.9Warning \n[CVE-2020-17047](<https://vulners.com/cve/CVE-2020-17047>)7.8Critical \n[CVE-2020-17042](<https://vulners.com/cve/CVE-2020-17042>)9.3Critical \n[CVE-2020-1599](<https://vulners.com/cve/CVE-2020-1599>)2.1Warning \n[CVE-2020-17044](<https://vulners.com/cve/CVE-2020-17044>)6.8High \n[CVE-2020-16997](<https://vulners.com/cve/CVE-2020-16997>)4.0Warning \n[CVE-2020-17014](<https://vulners.com/cve/CVE-2020-17014>)6.6High \n[CVE-2020-17038](<https://vulners.com/cve/CVE-2020-17038>)7.2High \n[CVE-2020-17011](<https://vulners.com/cve/CVE-2020-17011>)7.2High \n[CVE-2020-17029](<https://vulners.com/cve/CVE-2020-17029>)4.9Warning \n[CVE-2020-17000](<https://vulners.com/cve/CVE-2020-17000>)2.1Warning \n[CVE-2020-17001](<https://vulners.com/cve/CVE-2020-17001>)4.6Warning \n[CVE-2020-17068](<https://vulners.com/cve/CVE-2020-17068>)7.2High \n[CVE-2020-17036](<https://vulners.com/cve/CVE-2020-17036>)4.9Warning \n[CVE-2020-17004](<https://vulners.com/cve/CVE-2020-17004>)2.1Warning \n[CVE-2020-17081](<https://vulners.com/cve/CVE-2020-17081>)5.0Critical \n[CVE-2020-17082](<https://vulners.com/cve/CVE-2020-17082>)7.5Critical \n[CVE-2020-17075](<https://vulners.com/cve/CVE-2020-17075>)4.6Warning \n[CVE-2020-17049](<https://vulners.com/cve/CVE-2020-17049>)9.0Critical \n[CVE-2020-17086](<https://vulners.com/cve/CVE-2020-17086>)7.5Critical \n[CVE-2020-17046](<https://vulners.com/cve/CVE-2020-17046>)4.9Warning \n[CVE-2020-17040](<https://vulners.com/cve/CVE-2020-17040>)7.5Critical \n[CVE-2020-17041](<https://vulners.com/cve/CVE-2020-17041>)7.2High \n[CVE-2020-17101](<https://vulners.com/cve/CVE-2020-17101>)4.6Warning \n[CVE-2020-17026](<https://vulners.com/cve/CVE-2020-17026>)4.6Warning \n[CVE-2020-17102](<https://vulners.com/cve/CVE-2020-17102>)2.1Warning \n[CVE-2020-17106](<https://vulners.com/cve/CVE-2020-17106>)9.3Critical \n[CVE-2020-17028](<https://vulners.com/cve/CVE-2020-17028>)4.6Warning \n[CVE-2020-17024](<https://vulners.com/cve/CVE-2020-17024>)7.2High \n[CVE-2020-17025](<https://vulners.com/cve/CVE-2020-17025>)4.6Warning \n[CVE-2020-17007](<https://vulners.com/cve/CVE-2020-17007>)4.6Warning \n[CVE-2020-16999](<https://vulners.com/cve/CVE-2020-16999>)2.1Warning \n[CVE-2020-17034](<https://vulners.com/cve/CVE-2020-17034>)4.6Warning \n[CVE-2020-17109](<https://vulners.com/cve/CVE-2020-17109>)9.3Critical \n[CVE-2020-17033](<https://vulners.com/cve/CVE-2020-17033>)4.6Warning \n[CVE-2020-17090](<https://vulners.com/cve/CVE-2020-17090>)7.5Critical \n[CVE-2020-17027](<https://vulners.com/cve/CVE-2020-17027>)4.6Warning \n[CVE-2020-17030](<https://vulners.com/cve/CVE-2020-17030>)4.9Warning \n[CVE-2020-17057](<https://vulners.com/cve/CVE-2020-17057>)7.2High \n[CVE-2020-17056](<https://vulners.com/cve/CVE-2020-17056>)2.1Warning \n[CVE-2020-17055](<https://vulners.com/cve/CVE-2020-17055>)6.8High \n[CVE-2020-17108](<https://vulners.com/cve/CVE-2020-17108>)9.3Critical \n[CVE-2020-17070](<https://vulners.com/cve/CVE-2020-17070>)7.2High \n[CVE-2020-17073](<https://vulners.com/cve/CVE-2020-17073>)4.6Warning \n[CVE-2020-17013](<https://vulners.com/cve/CVE-2020-17013>)2.1Warning \n[CVE-2020-17074](<https://vulners.com/cve/CVE-2020-17074>)7.2High \n[CVE-2020-17010](<https://vulners.com/cve/CVE-2020-17010>)7.2High \n[CVE-2020-17035](<https://vulners.com/cve/CVE-2020-17035>)7.2High \n[CVE-2020-17078](<https://vulners.com/cve/CVE-2020-17078>)7.5Critical \n[CVE-2020-17037](<https://vulners.com/cve/CVE-2020-17037>)7.2High \n[CVE-2020-17031](<https://vulners.com/cve/CVE-2020-17031>)4.6Warning \n[CVE-2020-16998](<https://vulners.com/cve/CVE-2020-16998>)4.6Warning \n[CVE-2020-17076](<https://vulners.com/cve/CVE-2020-17076>)7.2High \n[CVE-2020-17032](<https://vulners.com/cve/CVE-2020-17032>)4.6Warning \n[CVE-2020-17071](<https://vulners.com/cve/CVE-2020-17071>)2.1Warning \n[CVE-2020-17113](<https://vulners.com/cve/CVE-2020-17113>)2.1Warning \n[CVE-2020-17077](<https://vulners.com/cve/CVE-2020-17077>)7.2High \n[CVE-2020-17110](<https://vulners.com/cve/CVE-2020-17110>)9.3Critical \n[CVE-2020-17107](<https://vulners.com/cve/CVE-2020-17107>)9.3Critical \n[CVE-2020-17079](<https://vulners.com/cve/CVE-2020-17079>)7.5Critical \n[CVE-2020-17012](<https://vulners.com/cve/CVE-2020-17012>)4.6Warning\n\n### *KB list*:\n[4586785](<http://support.microsoft.com/kb/4586785>) \n[4586793](<http://support.microsoft.com/kb/4586793>) \n[4586787](<http://support.microsoft.com/kb/4586787>) \n[4586786](<http://support.microsoft.com/kb/4586786>) \n[4586781](<http://support.microsoft.com/kb/4586781>) \n[4586834](<http://support.microsoft.com/kb/4586834>) \n[4586830](<http://support.microsoft.com/kb/4586830>) \n[4586845](<http://support.microsoft.com/kb/4586845>) \n[4586808](<http://support.microsoft.com/kb/4586808>) \n[4586823](<http://support.microsoft.com/kb/4586823>) \n[4592449](<http://support.microsoft.com/kb/4592449>) \n[4598278](<http://support.microsoft.com/kb/4598278>) \n[4598297](<http://support.microsoft.com/kb/4598297>) \n[5001337](<http://support.microsoft.com/kb/5001337>) \n[5004238](<http://support.microsoft.com/kb/5004238>) \n[5004302](<http://support.microsoft.com/kb/5004302>) \n[5004294](<http://support.microsoft.com/kb/5004294>) \n[5004237](<http://support.microsoft.com/kb/5004237>) \n[5004244](<http://support.microsoft.com/kb/5004244>) \n[5004298](<http://support.microsoft.com/kb/5004298>) \n[5004285](<http://support.microsoft.com/kb/5004285>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA12004 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17081", "CVE-2020-17082", "CVE-2020-17086", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17101", "CVE-2020-17102", "CVE-2020-17105", "CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110", "CVE-2020-17113"], "modified": "2022-01-18T00:00:00", "id": "KLA12004", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12004/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2021-11-26T12:37:38", "description": "\n\n * [IT threat evolution Q3 2021](<https://securelist.com/it-threat-evolution-q3-2021/104876/>)\n * **IT threat evolution in Q3 2021. PC statistics**\n * [IT threat evolution in Q3 2021. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q3-2021-mobile-statistics/105020/>)\n\n_These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q3 2021:\n\n * Kaspersky solutions blocked 1,098,968,315 attacks from online resources across the globe.\n * Web Anti-Virus recognized 289,196,912 unique URLs as malicious.\n * Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 104,257 unique users.\n * Ransomware attacks were defeated on the computers of 108,323 unique users.\n * Our File Anti-Virus detected 62,577,326 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q3 2021, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 104,257 unique users.\n\n_Number of unique users attacked by financial malware, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150303/01-en-malware-report-q3-2021-pc-graphs.png>))_\n\n**Geography of financial malware attacks**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all users of our products in that country._\n\n_Geography of financial malware attacks, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150355/02-en-malware-report-q3-2021-pc-graphs.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Turkmenistan | 5.4 \n2 | Tajikistan | 3.7 \n3 | Afghanistan | 3.5 \n4 | Uzbekistan | 3.0 \n5 | Yemen | 1.9 \n6 | Kazakhstan | 1.6 \n7 | Paraguay | 1.6 \n8 | Sudan | 1.6 \n9 | Zimbabwe | 1.4 \n10 | Belarus | 1.1 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n**Top 10 banking malware families**\n\n| Name | Verdicts | %* \n---|---|---|--- \n1 | Zbot | Trojan.Win32.Zbot | 17.7 \n2 | SpyEye | Trojan-Spy.Win32.SpyEye | 17.5 \n3 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 9.6 \n4 | Trickster | Trojan.Win32.Trickster | 4.5 \n5 | RTM | Trojan-Banker.Win32.RTM | 3.6 \n6 | Nimnul | Virus.Win32.Nimnul | 3.0 \n7 | Gozi | Trojan-Banker.Win32.Gozi | 2.7 \n8 | Danabot | Trojan-Banker.Win32.Danabot | 2.4 \n9 | Tinba | Trojan-Banker.Win32.Tinba | 1.5 \n10 | Cridex | Backdoor.Win32.Cridex | 1.3 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\nIn Q3, the family ZeuS/Zbot (17.7%), as usual, became the most widespread family of bankers. Next came the SpyEye (17.5%) family, whose share doubled from 8.8% in the previous quarter. The Top 3 was rounded out by the CliptoShuffler family (9.6%) \u2014 one position and just 0.3 p.p. down. The families Trojan-Banker.Win32.Gozi (2.7%) and Trojan-Banker.Win32.Tinba (1.5%) have made it back into the Top 10 in Q3 \u2014 seventh and ninth places, respectively.\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\n#### Attack on Kaseya and the REvil story\n\nIn early July, the group REvil/Sodinokibi [attempted an attack](<https://securelist.com/revil-ransomware-attack-on-msp-companies/103075/>) on the remote administration software Kaseya VSA, compromising several managed services providers (MSP) who used this system. Thanks to this onslaught on the supply chain, the attackers were able to infect over one thousand of the compromised MSPs&#x27; client businesses. REvil&#x27;s original $70 million ransom demand in exchange for decryption of all the users hit by the attack was soon moderated to 50 million.\n\nFollowing this massive attack, law enforcement agencies stepped up their attention to REvil, so by mid-July the gang turned off their Trojan infrastructure, suspended new infections and dropped out of sight. Meanwhile, Kaseya got a universal decryptor for all those affected by the attack. [According to](<https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-August-4th-2021>) Kaseya, it &quot;did not pay a ransom \u2014 either directly or indirectly through a third party&quot;. Later [it emerged](<https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html>) that the company got the decryptor and the key from the FBI.\n\nBut already in the first half of September, REvil was up and running again. [According to](<https://www.bleepingcomputer.com/news/security/revil-ransomware-is-back-in-full-attack-mode-and-leaking-data/>) the hacking forum XSS, the group&#x27;s former public representative known as UNKN &quot;disappeared&quot;, and the malware developers, failing to find him, waited awhile and restored the Trojan infrastructure from backups.\n\n#### The arrival of BlackMatter: DarkSide restored?\n\nAs we already wrote in our Q2 report, the group DarkSide folded its operations after their &quot;too high-profile&quot; attack on Colonial Pipeline. And now there is a &quot;new&quot; arrival known as BlackMatter, which, as its members [claim](<https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil>), represents the &quot;best&quot; of DarkSide, REvil and LockBit.\n\nFrom our analysis of the BlackMatter Trojan&#x27;s executable we conclude that most likely it was built using DarkSide&#x27;s source codes.\n\n#### Q3 closures\n\n * Europol and the Ukrainian police have [arrested](<https://www.europol.europa.eu/newsroom/news/ransomware-gang-arrested-in-ukraine-europol's-support>) two members of an unnamed ransomware gang. The only detail made known is that the ransom demands amounted to \u20ac5 to \u20ac70 million.\n * Following its attack on Washington DC&#x27;s Metropolitan Police Department, the group Babuk folded (or just suspended) its operations and published an archive containing the Trojan&#x27;s source code, build tools and keys for some of the victims.\n * At the end of August, Ragnarok (not to be confused with RagnarLocker) suddenly called it a day, deleted all their victims&#x27; info from their portal and published the master key for decryption. The group gave no reasons for this course of action.\n\n#### Exploitation of vulnerabilities and new attack methods\n\n * The group HelloKitty used to distribute its ransomware by exploiting the vulnerability CVE-2019-7481 in SonicWall gateways.\n * Magniber and Vice Society penetrated the target systems by exploiting the vulnerabilities from the PrintNightmare family (CVE-2021-1675, CVE-2021-34527, CVE-2021-36958).\n * The group LockFile exploited ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) to penetrate the victim&#x27;s network; for lateral expansion they relied on the new PetitPotam attack that gained control of the domain controller.\n * The group Conti also used ProxyShell exploits for its attacks.\n\n### Number of new ransomware modifications\n\nIn Q3 2021, we detected 11 new ransomware families and 2,486 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q3 2020 \u2014 Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150433/03-en-ru-es-malware-report-q3-2021-pc-graphs.png>))_\n\n## Number of users attacked by ransomware Trojans\n\nIn Q3 2021, Kaspersky products and technologies protected 108,323 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150459/04-en-malware-report-q3-2021-pc-graphs.png>))_\n\n## Geography of ransomware attacks\n\n_Geography of attacks by ransomware Trojans, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150535/05-en-malware-report-q3-2021-pc-graphs.png>))_\n\n**Top 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.98 \n2 | Uzbekistan | 0.59 \n3 | Bolivia | 0.55 \n4 | Pakistan | 0.52 \n5 | Myanmar | 0.51 \n6 | China | 0.51 \n7 | Mozambique | 0.51 \n8 | Nepal | 0.48 \n9 | Indonesia | 0.47 \n10 | Egypt | 0.45 \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000). \n** Unique users attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n## Top 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 27.67% \n2 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 17.37% \n3 | WannaCry | Trojan-Ransom.Win32.Wanna | 11.84% \n4 | (generic verdict) | Trojan-Ransom.Win32.Gen | 7.78% \n5 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 5.58% \n6 | (generic verdict) | Trojan-Ransom.Win32.Phny | 5.57% \n7 | PolyRansom/VirLock | Virus.Win32.Polyransom / Trojan-Ransom.Win32.PolyRansom | 2.65% \n8 | (generic verdict) | Trojan-Ransom.Win32.Agent | 2.04% \n9 | (generic verdict) | Trojan-Ransom.MSIL.Encoder | 1.07% \n10 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 1.04% \n \n_* Unique Kaspersky users attacked by this family of ransomware Trojans as a percentage of all users attacked by such malware._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q3 2021, Kaspersky solutions detected 46,097 new modifications of miners.\n\n_Number of new miner modifications, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150605/06-en-malware-report-q3-2021-pc-graphs.png>))_\n\n### Number of users attacked by miners\n\nIn Q3, we detected attacks using miners on the computers of 322,131 unique users of Kaspersky products worldwide. And while during Q2 the number of attacked users gradually decreased, the trend was reversed in July and August 2021. With slightly over 140,000 unique users attacked by miners in July, the number of potential victims almost reached 150,000 in September.\n\n_Number of unique users attacked by miners, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150635/07-en-malware-report-q3-2021-pc-graphs.png>))_\n\n### Geography of miner attacks\n\n_Geography of miner attacks, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23150710/08-en-malware-report-q3-2021-pc-graphs.png>))_\n\n**Top 10 countries attacked by miners**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Ethiopia | 2.41 \n2 | Rwanda | 2.26 \n3 | Myanmar | 2.22 \n4 | Uzbekistan | 1.61 \n5 | Ecuador | 1.47 \n6 | Pakistan | 1.43 \n7 | Tanzania | 1.40 \n8 | Mozambique | 1.34 \n9 | Kazakhstan | 1.34 \n10 | Azerbaijan | 1.27 \n \n_* Excluded are countries with relatively few users of Kaspersky products (under 50,000). \n** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by cybercriminals during cyberattacks\n\n### Quarter highlights\n\nMuch clamor was caused in Q3 by a whole new family of vulnerabilities in Microsoft Windows printing subsystem, one already known to the media as PrintNightmare: [CVE-2021-1640](<https://nvd.nist.gov/vuln/detail/CVE-2021-1640>), [CVE-2021-26878](<https://nvd.nist.gov/vuln/detail/CVE-2021-26878>), [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>), [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>), [CVE-2021-36947](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36947>), [CVE-2021-34483](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483>). All those vulnerabilities allow for local escalation of privileges or remote execution of commands with system rights and, as they require next to nothing for exploitation, they are often used by popular mass infection tools. To fix them, several Microsoft patches are required.\n\nThe vulnerability known as PetitPotam proved no less troublesome. It allows an unprivileged user to take control of a Windows domain computer \u2014 or even a domain controller \u2014 provided the Active Directory certificate service is present and active.\n\nIn the newest OS Windows 11, even before its official release, the vulnerability [CVE-2021-36934](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483>) was detected and dubbed HiveNightmare/SeriousSam. It allows an unprivileged user to copy all the registry threads, including SAM, through the shadow copy mechanism, potentially exposing passwords and other critical data.\n\nIn Q3, attackers greatly favored exploits targeting the vulnerabilities ProxyToken, ProxyShell and ProxyOracle ([CVE-2021-31207](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207>), [CVE-2021-34473](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473>), [CVE-2021-31207](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207>), [CVE-2021-33766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33766>), [CVE-2021-31195](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31195>), [CVE-2021-31196](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31196>)). If exploited in combination, these open full control of mail servers managed by Microsoft Exchange Server. We already covered [similar vulnerabilities](<https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/>) \u2014 for instance, they were used in a HAFNIUM attack, also targeting Microsoft Exchange Server.\n\nAs before, server attacks relying on brute-forcing of passwords to various network services, such as MS SQL, RDP, etc., stand out among Q3 2021 network threats. Attacks using the exploits EternalBlue, EternalRomance and similar are as popular as ever. Among the new ones is the grim vulnerability enabling remote code execution when processing the Object-Graph Navigation Language in the product Atlassian Confluence Server ([CVE-2021-26084](<https://jira.atlassian.com/browse/CONFSERVER-67940>)) often used in various corporate environments. Also, Pulse Connect Secure was found to contain the vulnerability [CVE-2021-22937](<https://nvd.nist.gov/vuln/detail/CVE-2021-22937>), which however requires the administrator password for it to be exploited.\n\n### Statistics\n\nAs before, exploits for Microsoft Office vulnerabilities are still leading the pack in Q3 2021 (60,68%). These are popular due to the large body of users, most of whom still use older versions of the software, thus making the attackers&#x27; job much easier. The share of Microsoft Office exploits increased by almost 5 p.p. from the previous quarter. Among other things, it was due to the fact that the new vulnerability [CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>) was discovered in the wild, instantly employed to compromise user machines. The attacker can exploit it by using the standard functionality that allows office documents to download templates, implemented with the help of special ActiveX components. There is no proper validation of the processed data during the operation, so any malicious code can be downloaded. As you are reading this, the relevant security update is already available.\n\nThe way individual Microsoft Office vulnerabilities are ranked by the number of detections does not change much with time: the first positions are still shared by [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>) and [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>), with another popular vulnerability [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>) not far behind. We already covered these many times \u2014 all the above-mentioned vulnerabilities execute commands on behalf of the user and infect the system.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23151038/09-en-malware-report-q3-2021-pc-graphs.png>))_\n\nThe share of exploits for the popular browsers fell by 3 p.p. from the previous reporting period to 25.57% in Q3. In the three months covered by the report several vulnerabilities were discovered in Google Chrome browser and its script engine V8 \u2014 some of them in the wild. Among these, the following JavaScript engine vulnerabilities stand out: [CVE-2021-30563](<https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html>) (type confusion error corrupting the heap memory), [CVE-2021-30632](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) (out-of-bounds write in V8) and [CVE-2021-30633](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) (use-after-free in Indexed DB). All these can potentially allow remote execution of code. But it should be remembered that for modern browsers a chain of several exploits is often required to leave the sandbox and secure broader privileges in the system. It should also be noted that with Google Chromium codebase (in particular the Blink component and V8) being used in many browsers, any newly detected Google Chrome vulnerability automatically makes other browsers built with its open codebase vulnerable.\n\nThe third place if held by Google Android vulnerabilities (5.36%) \u2014 1 p.p. down from the previous period. They are followed by exploits for Adobe Flash (3.41%), their share gradually decreasing. The platform is no longer supported but is still favored by users, which is reflected in our statistics.\n\nOur ranking is rounded out by vulnerabilities for Java (2.98%), its share also noticeably lower, and Adobe PDF (1.98%).\n\n## Attacks on macOS\n\nWe will remember Q3 2021 for the two interesting revelations. The first one is the use of [malware code targeting macOS](<https://securelist.com/wildpressure-targets-macos/103072/>) as part of the WildPressure campaign. The second is the detailed [review of the previously unknown FinSpy implants](<https://securelist.com/finspy-unseen-findings/104322/>) for macOS.\n\nSpeaking of the most widespread threats detected by Kaspersky security solutions for macOS, most of our Top 20 ranking positions are occupied by various adware apps. Among the noteworthy ones is Monitor.OSX.HistGrabber.b (second place on the list) \u2014 this potentially unwanted software sends user browser history to its owners&#x27; servers.\n\n**Top 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Pirrit.j | 13.22 \n2 | Monitor.OSX.HistGrabber.b | 11.19 \n3 | AdWare.OSX.Pirrit.ac | 10.31 \n4 | AdWare.OSX.Pirrit.o | 9.32 \n5 | AdWare.OSX.Bnodlero.at | 7.43 \n6 | Trojan-Downloader.OSX.Shlayer.a | 7.22 \n7 | AdWare.OSX.Pirrit.gen | 6.41 \n8 | AdWare.OSX.Cimpli.m | 6.29 \n9 | AdWare.OSX.Bnodlero.bg | 6.13 \n10 | AdWare.OSX.Pirrit.ae | 5.96 \n11 | AdWare.OSX.Agent.gen | 5.65 \n12 | AdWare.OSX.Pirrit.aa | 5.39 \n13 | Trojan-Downloader.OSX.Agent.h | 4.49 \n14 | AdWare.OSX.Bnodlero.ay | 4.18 \n15 | AdWare.OSX.Ketin.gen | 3.56 \n16 | AdWare.OSX.Ketin.h | 3.46 \n17 | Backdoor.OSX.Agent.z | 3.45 \n18 | Trojan-Downloader.OSX.Lador.a | 3.06 \n19 | AdWare.OSX.Bnodlero.t | 2.80 \n20 | AdWare.OSX.Bnodlero.ax | 2.64 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\n### Geography of threats for macOS\n\n_Geography of threats for macOS, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23151108/10-en-malware-report-q3-2021-pc-graphs.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | France | 3.05 \n2 | Spain | 2.85 \n3 | India | 2.70 \n4 | Mexico | 2.59 \n5 | Canada | 2.52 \n6 | Italy | 2.42 \n7 | United States | 2.37 \n8 | Australia | 2.23 \n9 | Brazil | 2.21 \n10 | United Kingdom | 2.12 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000). \n** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q3 2021, France took the lead having the greatest percentage of attacks on users of Kaspersky security solutions (3.05%), with the potentially unwanted software Monitor.OSX.HistGrabber being the prevalent threat there. Spain and India came in second and third, with the Pirrit family adware as their prevalent threat.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q3 2021, most of the devices that attacked Kaspersky honeypots did so using the Telnet protocol. Just less than a quarter of all devices attempted brute-forcing our traps via SSH.\n\nTelnet | 76.55% \n---|--- \nSSH | 23.45% \n \n_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q3 2021_\n\nThe statistics for working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 84.29% \n---|--- \nSSH | 15.71% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q3 2021_\n\n**Top 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 39.48 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 20.67 \n3 | Backdoor.Linux.Agent.bc | 10.00 \n4 | Backdoor.Linux.Mirai.ba | 8.65 \n5 | Trojan-Downloader.Shell.Agent.p | 3.50 \n6 | Backdoor.Linux.Gafgyt.a | 2.52 \n7 | RiskTool.Linux.BitCoinMiner.b | 1.69 \n8 | Backdoor.Linux.Ssh.a | 1.23 \n9 | Backdoor.Linux.Mirai.ad | 1.20 \n10 | HackTool.Linux.Sshbru.s | 1.12 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT threat statistics are published in our Q3 2021 DDoS report: <https://securelist.com/ddos-attacks-in-q3-2021/104796/#attacks-on-iot-honeypots>\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create such sites on purpose and web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries that serve as sources of web-based attacks: Top 10\n\n_The following statistics show the distribution by country of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&amp;C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q3 2021, Kaspersky solutions blocked 1,098,968,315 attacks launched from online resources located across the globe. Web Anti-Virus recognized 289,196,912 unique URLs as malicious.\n\n_Distribution of web-attack sources by country, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23151328/13-en-malware-report-q3-2021-pc-graphs-1.png>))_\n\n### Countries where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries.\n\nThis rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| **Country*** | **% of attacked users**** \n---|---|--- \n1 | Tunisia | 27.15 \n2 | Syria | 17.19 \n3 | Yemen | 17.05 \n4 | Nepal | 15.27 \n5 | Algeria | 15.27 \n6 | Macao | 14.83 \n7 | Belarus | 14.50 \n8 | Moldova | 13.91 \n9 | Madagascar | 13.80 \n10 | Serbia | 13.48 \n11 | Libya | 13.13 \n12 | Mauritania | 13.06 \n13 | Mongolia | 13.06 \n14 | India | 12.89 \n15 | Palestine | 12.79 \n16 | Sri Lanka | 12.76 \n17 | Ukraine | 12.39 \n18 | Estonia | 11.61 \n19 | Tajikistan | 11.44 \n20 | Qatar | 11.14 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000). \n** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country._\n\n_These statistics are based on detection verdicts by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data._\n\nOn average during the quarter, 8.72% of computers of Internet users worldwide were subjected to at least one **Malware-class** web attack.\n\n_Geography of web-based malware attacks, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23151358/14-en-malware-report-q3-2021-pc-graphs.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on users&#x27; computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q3 2021, our File Anti-Virus detected **62,577,326** malicious and potentially unwanted objects.\n\n### Countries where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country*** | **% of attacked users**** \n---|---|--- \n1 | Turkmenistan | 47.42 \n2 | Yemen | 44.27 \n3 | Ethiopia | 42.57 \n4 | Tajikistan | 42.51 \n5 | Uzbekistan | 40.41 \n6 | South Sudan | 40.15 \n7 | Afghanistan | 40.07 \n8 | Cuba | 38.20 \n9 | Bangladesh | 36.49 \n10 | Myanmar | 35.96 \n11 | Venezuela | 35.20 \n12 | China | 35.16 \n13 | Syria | 34.64 \n14 | Madagascar | 33.49 \n15 | Rwanda | 33.06 \n16 | Sudan | 33.01 \n17 | Benin | 32.68 \n18 | Burundi | 31.88 \n19 | Laos | 31.70 \n20 | Cameroon | 31.28 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000). \n** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q3 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/23151433/15-en-malware-report-q3-2021-pc-graphs.png>))_\n\nOn average worldwide, **Malware-class** local threats were recorded on 15.14% of users&#x27; computers at least once during the quarter. Russia scored 14.64% in this rating.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-26T12:00:36", "type": "securelist", "title": "IT threat evolution in Q3 2021. PC statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2019-7481", "CVE-2021-1640", "CVE-2021-1675", "CVE-2021-22937", "CVE-2021-26084", "CVE-2021-26878", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31195", "CVE-2021-31196", "CVE-2021-31207", "CVE-2021-33766", "CVE-2021-34473", "CVE-2021-34483", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-36934", "CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958", "CVE-2021-40444"], "modified": "2021-11-26T12:00:36", "id": "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48", "href": "https://securelist.com/it-threat-evolution-in-q3-2021-pc-statistics/104982/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-01-30T22:26:39", "description": "In this episode I would like to make a status update of my [Vulristics project](<https://github.com/leonov-av/vulristics>). For those who don&#x27;t know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly about Microsoft Patch Tuesday vulnerabilities, but I have plans to go further. Also in this episode I want to demonstrate the new Vulristics features on Microsoft Patch Tuesday reports for October, November and December 2020.\n\n\n\n## Patch Tuesdays Automated Data Collection\n\nFirst of all, I dealt with the annoying collecting of the data for Microsoft Patch Tuesdays reports. Previously it took pretty long time. I had to go to Microsoft website and [search for CVE IDs](<https://msrc.microsoft.com/update-guide/vulnerability>). After that, I had to get the comments from various Vulnerability Management vendors and researchers blogs (Tenable, Qualys, Rapid7, ZDI). I wanted this to be as much automated as possible. I have added some code to make CVE search requests on the Microsoft website for a date range (including the second Tuesday of the month). I also figured out how to make searches on the Vulnerability Management vendors blogs. So, now to get a Microsoft Patch Tuesday report it&#x27;s only necessary to set the year and month. \n\nSimple like this:\n \n \n import functions_report_ms_patch_tuesday_\n \n _functions_report_ms_patch_tuesday.make_ms_patch_tuesday_report(year=**\"2020\"**, month=**\"December\"**, rewrite_flag=True)\n\n## Vulristics Vulnerability Scoring (VVS)\n\nI decided that CVSS is not suitable for evaluating, sorting and comparing vulnerabilities. I needed something to automatically process hundreds vulnerabilities every month and to highlight the most critical ones. Finally, I decided to make my own scoring - Vulristics Vulnerability Scoring (VVS). \n\nDo you know the perfect formula for counting vulnerability criticality? Well, I don&#x27;t.  Any scoring that I can make will be subjective and will probably change over time. But at least I can make it transparent and easily changeable, so that everyone can make their own vulnerability scoring most appropriate for a particular organization.\n\nSuch scoring should consider \n\n * CVSS Base score \n * existence of the exploit\n * exploitability of the vulnerability in the wild\n * popularity of the vulnerable software \n * type of the vulnerability\n\nExamples: \n\n2\\.  **Elevation of Privilege** - Windows Kernel Local ([CVE-2020-17087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17087>)) - Critical [628] \ncomponent| value| weight| comment \n---|---|---|--- \nExploited in the Wild| 1.0| 18| Exploitation in the wild is mentioned at Vulners ([AttackerKB](<https://vulners.com/attackerkb/AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6>) object), [AttackerKB](<https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day>), [Microsoft](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17087>) \nPublic Exploit Exists| 0| 17| Public exploit is NOT found at Vulners website \nCriticality of Vulnerability Type| 0.5| 15| Elevation of Privilege \nVulnerable Product is Common| 1.0| 14| Windows component \nCVSS Base Score| 0.7| 10| NVD Vulnerability Severity Rating is High \n3\\.  **Elevation of Privilege** - Windows Print Spooler ([CVE-2020-17001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17001>)) - Critical [614] \ncomponent| value| weight| comment \n---|---|---|--- \nExploited in the Wild| 0| 18| Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites \nPublic Exploit Exists| 1.0| 17| Public exploit is found at Vulners ([Microsoft Windows Local Spooler Bypass](<https://vulners.com/PACKETSTORM/PACKETSTORM:160028>)) \nCriticality of Vulnerability Type| 0.5| 15| Elevation of Privilege \nVulnerable Product is Common| 1.0| 14| Windows component \nCVSS Base Score| 0.7| 10| NVD Vulnerability Severity Rating is High \n \n### Exploitablity in The Wild and Vulners\n\nThe really interesting thing was to detect if the vulnerability is being exploited in real attacks. I made a post in my telegram channel asking for ideas. We can&#x27;t use Microsoft data directly because they do not update it after the initial vulnerability release. Other good sources are [AttackerKB by Rapid7](<https://attackerkb.com/>) and [US-CERT Bulletins](<https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/microsoft-warns-continued-exploitation-cve-2020-1472>). \n\nI asked my friends from the Vulners team to add this feature and now you can [search for CVEs exploited in the wild](<https://vulners.com/search?query=enchantments.exploitation.wildExploited:true>) based on data from AttackerKB and US-CERT. \n\n\n\nAnd also this data is available in JSON format for the vulnerability:\n \n \n ... \n \"exploitation\": {\n \"wildExploited\": true,\n \"wildExploitedSources\": [\n {\n \"type\": \"cisa\",\n \"idList\": [\n \"CISA:2B970469D89016F563E142BE209443D8\",\n \"CISA:61F2653EF56231DB3AEC3A9E938133FE\",\n \"CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB\"\n ]\n },\n {\n \"type\": \"attackerkb\",\n \"idList\": [\n \"AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB\"\n ]\n }\n ],\n \"modified\": \"2020-12-25T13:57:26\"\n },\n ... \n \n\nI also added direct AttackerKB processing to Vulristics and some code to filter out false positives in &quot;Exploitablity in The Wild&quot;.\n\n### VM Vendor&#x27;s Comments \n\nWhat about VM Vendor&#x27;s Comments? Firstly I thought that the existence of the comment from the vendor should be taken into consideration when counting the vulnerability score. But then I decided that it&#x27;s a bad practice because the vendors are not who makes the criticality but they help you to test your scoring.\n\nFor example, if your score shows that some vulnerability is critical and vulnerability management vendors don&#x27;t mention it, this means that your scoring has some flaws or the experts of VM vendor don&#x27;t understand something. \n\n## Microsoft Patch Tuesdays Q4 2020\n\nNow let&#x27;s take a look on the Vulrisctics Microsoft Patch Tuesday reports for October, November and December 2020.\n\n### October 2020\n\n * All vulnerabilities: 87\n * Urgent: 0\n * Critical: 2\n * High: 20\n * Medium: 63\n * Low: 2\n\nIt has been an interesting month. \n\nMost of the VM vendors and researchers focused on &quot;**Remote Code Execution** - Windows TCP/IP ([CVE-2020-16898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898>)) - High [500]&quot;, dubbed &quot;Bad Neighbor&quot;. It affects all supported versions of Windows OS, and maybe unsupported/earlier versions of Windows as well. Tenable wrote: &quot;According to a blog post from McAfee, Microsoft Active Protections Program (MAPP) members were provided with a test script that successfully demonstrates exploitation of this vulnerability to cause a denial of service (DoS). While the test scenario does not provide the ability to pivot to RCE, an attacker could craft a wormable exploit to achieve RCE. While an additional bug would be required to craft an exploit, it is likely that we will see proof-of-concept (PoC) code released in the near future.&quot; However, there has been no news since October.\n\nBut there is a more critical vulnerability with a public exploit &quot;**Remote Code Execution** - Microsoft SharePoint ([CVE-2020-16952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952>)) - Critical [640]&quot;. It was mentioned by all vendors, but without much emphasis.\n\nAnd the second critical vulnerability is &quot;**Elevation of Privilege** - Windows COM Server ([CVE-2020-16916](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16916>)) - Critical [628]&quot; for which there is a flag of exploitation in the wild in AttackerKB. How much can you believe it? Well AttackerKB is a crowdsourcing platform, so possibly it can be fake.\n\nFor many other vulnerabilities (including 19 RCEs), there are no exploits or signs of exploitation in the wild. Among them, much attention has been paid to RCE in Microsoft Outlook ([CVE-2020-16947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947>)). A quote from Tenable: &quot;Because Outlook\u2019s Preview Pane is affected by this flaw, a user does not have to open the message in order for the vulnerability to be exploited. As Outlook is widely used for enterprise email, we highly recommend prioritizing the patching of this CVE.&quot;\n\n### November 2020\n\n * All vulnerabilities: 112\n * Urgent: 0\n * Critical: 3\n * High: 17\n * Medium: 90\n * Low: 2\n\n2 vulnerabilities were critical because there is information about them that they are Exploited in the wild. \n\nAll VM vendors initially did not notice &quot;**Security Feature Bypass** - Kerberos KDC ([CVE-2020-17049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049>)) - Critical [709]&quot;, only ZDI wrote that they don&#x27;t understand what it is: &quot;What security feature in Kerberos is being bypassed? What is the likelihood?&quot;. But then a post appeared with a [detailed description of the exploitation](<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/>). \n\nThe second critical is &quot;**Elevation of Privilege** - Windows Kernel Local ([CVE-2020-17087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17087>)) - Critical [628]&quot;. It was used to escape Google Chrome\u2019s sandbox in order to elevate privileges on the exploited system.\n\nThe third critical vulnerability &quot;**Elevation of Privilege** - Windows Print Spooler ([CVE-2020-17001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17001>)) - Critical [614]&quot; has a public exploit at Vulners ([Microsoft Windows Local Spooler Bypass](<https://vulners.com/PACKETSTORM/160028>)) \n\nMost of the comments this month were about &quot;**Remote Code Execution** - Windows Network File System ([CVE-2020-17051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17051>)) - High [513]&quot;. A quote from Tenable: &quot;In a blog post by McAfee, there is speculation about combining **CVE-2020-17051** with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit&quot;. But in fact, we did not see any attacks or exploits for this vulnerability.\n\nAlso worth mentioning RCEs in\n\n * Microsoft Exchange Server ([CVE-2020-17083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17083>), [CVE-2020-17084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17084>))\n * Windows Print Spooler ([CVE-2020-17042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17042>))\n * Microsoft Excel ([CVE-2020-17019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17019>), [CVE-2020-17064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064>), [CVE-2020-17065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065>), [CVE-2020-17066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17066>))\n * Microsoft SharePoint ([CVE-2020-17061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061>))\n * Microsoft Teams ([CVE-2020-17091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17091>))\n\nBut we did not see any attacks or exploits for them either.\n\n### December 2020\n\n * All vulnerabilities: 58\n * Urgent: 0\n * Critical: 1\n * High: 23\n * Medium: 30\n * Low: 4\n\nThere were no vulnerabilities with exploits. \n\nThe critical is only &quot;**Remote Code Execution** - Microsoft Exchange ([CVE-2020-17144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144>)) - Critical [705]&quot;, because of AttackerKB. How realistic is this? You know, crowdsourcing. Rapid7: **CVE-2020-17144** which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute&quot;. Besides this, there were many other Microsoft Exchange RCEs ([CVE-2020-17117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117>), [CVE-2020-17132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132>), [CVE-2020-17141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17141>), [CVE-2020-17142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142>)).\n\nOther RCEs worth mentioning were in:\n\n * Windows NTFS ([CVE-2020-17096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096>)). Tenable: &quot;An RCE in Windows NT File System (NTFS), the file system used in Microsoft Windows and Microsoft Windows Server. No user interaction is required to exploit this vulnerability. Depending on the attacker\u2019s position, there are a few avenues for exploitation. For an attacker that has already established a local position on the vulnerable system, executing a malicious application that exploits the flaw would result in an elevation of privileges. Alternatively, a remote attacker could exploit the flaw by sending malicious requests to a vulnerable system, so long as they could access it over the Server Message Block version 2 protocol (SMBv2). Successful exploitation in this context would grant the attacker arbitrary code execution&quot;.\n * Hyper-V ([CVE-2020-17095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095>))\n * Microsoft SharePoint ([CVE-2020-17118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118>), [CVE-2020-17121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121>))\n * Microsoft Excel ([CVE-2020-17122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122>), [CVE-2020-17123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123>), [CVE-2020-17125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125>), [CVE-2020-17127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17127>), [CVE-2020-17128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128>), [CVE-2020-17129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129>))\n\nThank you, I will be glad to know your opinion about Vulristics and how it can be further improved. Write to <https://t.me/avleonovchat>.\n\nFull reports are available here:\n\n * [October 2020](<http://avleonov.com/vulristics_reports/october2020_report_avleonov_comments.html>)\n * [November 2020](<http://avleonov.com/vulristics_reports/november2020_report_avleonov_comments.html>)\n * [December 2020](<http://avleonov.com/vulristics_reports/december2020_report_avleonov_comments.html>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-11T01:50:44", "type": "avleonov", "title": "Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472", "CVE-2020-16898", "CVE-2020-16916", "CVE-2020-16947", "CVE-2020-16952", "CVE-2020-17001", "CVE-2020-17019", "CVE-2020-17042", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17056", "CVE-2020-17061", "CVE-2020-17064", "CVE-2020-17065", "CVE-2020-17066", "CVE-2020-17083", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17117", "CVE-2020-17118", "CVE-2020-17121", "CVE-2020-17122", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17127", "CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17132", "CVE-2020-17141", "CVE-2020-17142", "CVE-2020-17144"], "modified": "2021-01-11T01:50:44", "id": "AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "href": "http://feedproxy.google.com/~r/avleonov/~3/mC48TITxRfM/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-03-13T12:49:58", "description": "\n\nAnother Patch Tuesday ([2021-Mar](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>)) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it\u2019s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 59 \nBrowser | 35 \nESU | 24 \nMicrosoft Office | 11 \nExchange Server | 7 \nDeveloper Tools | 6 \nAzure | 3 \nSQL Server | 1 \n \n## [Exchange Server Vulnerabilities](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>)\n\nEarlier this month Microsoft [released out of band updates for Exchange Server](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server>). These critical updates fixed a number of publicly exploited vulnerabilities, but not before attackers were able to compromise over 30,000 internet facing instances. \n\nYesterday, Microsoft issued an [additional set of patches](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>) for older, unsupported versions of Exchange Server. This allows customers who have not been able to update to the most recent version of Exchange the ability to defend against these widespread exploit attempts.\n\nIf you administer an Exchange Server,** stop reading this blog and go patch these systems!** For more information [please see our blog post on the topic](<https://blog.rapid7.com/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>).\n\n## Patch those Windows systems!\n\nAlmost half of the newly announced vulnerabilities this month affect components of Windows itself. Some major highlights include:\n\n * Multiple high severity RCE vulnerabilities in Windows DNS Server \n([CVE-2021-26877](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26877>), [CVE-2021-26893](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26893>), [CVE-2021-26894](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26894>), [CVE-2021-26895](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26895>), and [CVE-2021-26897](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897>))\n * Remote Code Execution in Hyper-V ([CVE-2021-26867](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867>)) enabling virtual machine escape (CVSSv3 9.9)\n\n## Browser Vulnerabilities\n\nSince going end-of-life in November 2020, we haven't seen any Internet Explorer patches from Microsoft. However, this month Microsoft has made two new updates available: [CVE-2021-27085](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085>) and [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411>). CVE-2021-26411 has been exploited in the wild, so don't delay applying patches if IE is still in your environment.\n\nThe majority of the browser vulnerabilities announced this month affect Microsoft Edge on Chromium. These patches are courtesy of vulnerabilities being fixed upstream in the Chromium project.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075>) | Azure Virtual Machine Information Disclosure Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-27080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27080>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 9.3 | Yes \n[CVE-2021-27074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27074>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 6.2 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085>) | Internet Explorer Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-21190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21190>) | Chromium CVE-2021-21190 : Uninitialized Use in PDFium | No | No | N/A | Yes \n[CVE-2021-21189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21189>) | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | No | No | N/A | Yes \n[CVE-2021-21188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21188>) | Chromium CVE-2021-21188: Use after free in Blink | No | No | N/A | Yes \n[CVE-2021-21187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21187>) | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | No | No | N/A | Yes \n[CVE-2021-21186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21186>) | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | No | No | N/A | Yes \n[CVE-2021-21185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21185>) | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | No | No | N/A | Yes \n[CVE-2021-21184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21184>) | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21183>) | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21182>) | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | No | No | N/A | Yes \n[CVE-2021-21181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21181>) | Chromium CVE-2021-21181: Side-channel information leakage in autofill | No | No | N/A | Yes \n[CVE-2021-21180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21180>) | Chromium CVE-2021-21180: Use after free in tab search | No | No | N/A | Yes \n[CVE-2021-21179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21179>) | Chromium CVE-2021-21179: Use after free in Network Internals | No | No | N/A | Yes \n[CVE-2021-21178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21178>) | Chromium CVE-2021-21178 : Inappropriate implementation in Compositing | No | No | N/A | Yes \n[CVE-2021-21177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21177>) | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | No | No | N/A | Yes \n[CVE-2021-21176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21176>) | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | No | No | N/A | Yes \n[CVE-2021-21175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21175>) | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | No | No | N/A | Yes \n[CVE-2021-21174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21174>) | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | No | No | N/A | Yes \n[CVE-2021-21173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21173>) | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | No | No | N/A | Yes \n[CVE-2021-21172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21172>) | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | No | No | N/A | Yes \n[CVE-2021-21171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21171>) | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | No | No | N/A | Yes \n[CVE-2021-21170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21170>) | Chromium CVE-2021-21170: Incorrect security UI in Loader | No | No | N/A | Yes \n[CVE-2021-21169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21169>) | Chromium CVE-2021-21169: Out of bounds memory access in V8 | No | No | N/A | Yes \n[CVE-2021-21168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21168>) | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | No | No | N/A | Yes \n[CVE-2021-21167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21167>) | Chromium CVE-2021-21167: Use after free in bookmarks | No | No | N/A | Yes \n[CVE-2021-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21166>) | Chromium CVE-2021-21166: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21165>) | Chromium CVE-2021-21165: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21164>) | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | No | No | N/A | Yes \n[CVE-2021-21163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21163>) | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | No | No | N/A | Yes \n[CVE-2021-21162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21162>) | Chromium CVE-2021-21162: Use after free in WebRTC | No | No | N/A | Yes \n[CVE-2021-21161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21161>) | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21160>) | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | No | No | N/A | Yes \n[CVE-2021-21159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21159>) | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2020-27844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-27844>) | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | No | No | N/A | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>) | Internet Explorer Memory Corruption Vulnerability | Yes | Yes | 8.8 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27060>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27084>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | No | No | N/A | No \n[CVE-2021-27081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27081>) | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27083>) | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27082>) | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-21300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21300>) | Git for Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 9.1 | Yes \n[CVE-2021-27078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26857](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-27065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26854](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.6 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055>) | Microsoft Visio Security Feature Bypass Vulnerability | No | No | 7 | Yes \n[CVE-2021-24104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-27076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-27052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27052>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-27056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27056>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27059>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-27058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27058>) | Microsoft Office ClickToRun Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## SQL Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859>) | Microsoft Power BI Information Disclosure Vulnerability | No | No | 7.7 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26900](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26900>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26863](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26871>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26885>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26864](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26864>) | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | No | No | 8.4 | No \n[CVE-2021-1729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1729>) | Windows Update Stack Setup Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889>) | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26866>) | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26870>) | Windows Projected File System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26874>) | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26879>) | Windows NAT Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-26884](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884>) | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26867>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-26868](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26868>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26892](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26892>) | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.2 | No \n[CVE-2021-24090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24090>) | Windows Error Reporting Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26865](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26865>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-26891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26891>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26860](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26860>) | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066>) | Windows Admin Center Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-27070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-26886](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886>) | User Profile Service Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-26880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26880>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26876](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26876>) | OpenType Font Parsing Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26902](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27061>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27051>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27062>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24095>) | DirectX Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26890>) | Application Virtualization Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077>) | Windows Win32k Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-26875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26875>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26873>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899>) | Windows UPnP Device Host Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-1640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26878](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26878>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 6.3 | No \n[CVE-2021-26861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26861>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24107>) | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26872](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26872>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26901](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26897](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26897>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26877>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26893](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26893>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26894](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26894>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26895](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26895>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26896](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-27063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26869>) | Windows ActiveX Installer Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26882>) | Remote Access API Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26881](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26881>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887>) | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Summary Graphs\n\n", "cvss3": {}, "published": "2021-03-09T22:13:03", "type": "rapid7blog", "title": "Patch Tuesday - March 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-27844", "CVE-2021-1640", "CVE-2021-1729", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21300", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24104", "CVE-2021-24107", "CVE-2021-24108", "CVE-2021-24110", "CVE-2021-26411", "CVE-2021-26412", "CVE-2021-26854", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26859", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27052", "CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27055", "CVE-2021-27056", "CVE-2021-27057", "CVE-2021-27058", "CVE-2021-27059", "CVE-2021-27060", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27065", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27074", "CVE-2021-27075", "CVE-2021-27076", "CVE-2021-27077", "CVE-2021-27078", "CVE-2021-27080", "CVE-2021-27081", "CVE-2021-27082", "CVE-2021-27083", "CVE-2021-27084", "CVE-2021-27085"], "modified": "2021-03-09T22:13:03", "id": "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "href": "https://blog.rapid7.com/2021/03/09/patch-tuesday-march-2021/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}