KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)

2021-08-10T00:00:00

Description

The remote Windows host is missing security update 5005033. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948) - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947) - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933) - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. (CVE-2021-34480)

{"id": "SMB_NT_MS21_AUG_5005033.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)", "description": "The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "published": "2021-08-10T00:00:00", "modified": "2022-04-07T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/152431", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26424", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34484", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26426", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34537", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26425", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34535", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36948", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34536", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26431", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36947", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34533", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34487", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34534", "http://www.nessus.org/u?526975a8", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36936", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26433", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483"], "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "immutableFields": [], "lastseen": "2023-05-21T14:07:27", "viewCount": 30, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:008B7980-D9F8-4D56-A194-F83ACBEEC5D4", "AKB:20A31239-28EC-43E3-854A-6CA8B1F44AB8", "AKB:2A1BFBBE-FD48-497E-8F3E-BB65670A94FA", "AKB:5ABBD3E2-AA30-41CB-96DA-34B5E76D030C", "AKB:C32E9872-B8A4-43F3-A8CC-05532AA65E51", "AKB:D92D1688-7724-40C4-AD86-DF44F4611D40"]}, {"type": "avleonov", "idList": ["AVLEONOV:3530747E605445686B7211B2B0853579", "AVLEONOV:535BC5E36A5D2C8F60753A2CD4676692"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0490", "CPAI-2021-0491", "CPAI-2021-0493", "CPAI-2021-0508"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-34484", "CISA-KEV-CVE-2021-34486", "CISA-KEV-CVE-2021-36948"]}, {"type": "cnvd", "idList": ["CNVD-2022-10025"]}, {"type": "cve", "idList": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36958"]}, {"type": "githubexploit", "idList": ["C9364BDE-48F8-5D2B-8852-D23E7FB2CDDC"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:C8077AF60F0E22ECAD33F23194C38BB6", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92", "HIVEPRO:98B56CB60C0C2B248824B5ECAE47E387", "HIVEPRO:E7F36EC1E4DCF018F94ECD22747B7093"]}, {"type": "kaspersky", "idList": ["KLA12250", "KLA12259"]}, {"type": "krebs", "idList": ["KREBS:AE87E964E683A56CFE4E51E96F3530AD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-WINDOWS-LOCAL-CVE_2022_26904_SUPERPROFILE-"]}, {"type": "mmpc", "idList": ["MMPC:85647D37E79AFEF2BFF74B4682648C5E"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26424", "MS:CVE-2021-26425", "MS:CVE-2021-26426", "MS:CVE-2021-26431", "MS:CVE-2021-26432", "MS:CVE-2021-26433", "MS:CVE-2021-34480", "MS:CVE-2021-34483", "MS:CVE-2021-34484", "MS:CVE-2021-34486", "MS:CVE-2021-34487", "MS:CVE-2021-34530", "MS:CVE-2021-34533", "MS:CVE-2021-34534", "MS:CVE-2021-34535", "MS:CVE-2021-34536", "MS:CVE-2021-34537", "MS:CVE-2021-36926", "MS:CVE-2021-36932", "MS:CVE-2021-36933", "MS:CVE-2021-36936", "MS:CVE-2021-36937", "MS:CVE-2021-36947", "MS:CVE-2021-36948"]}, {"type": "mskb", "idList": ["KB5005030", "KB5005031", "KB5005033", "KB5005036", "KB5005076", "KB5005088", "KB5005089", "KB5005090", "KB5005094", "KB5005095", "KB5005099", "KB5005106"]}, {"type": "mssecure", "idList": ["MSSECURE:85647D37E79AFEF2BFF74B4682648C5E"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_AUG_5005030.NASL", "SMB_NT_MS21_AUG_5005031.NASL", "SMB_NT_MS21_AUG_5005040.NASL", "SMB_NT_MS21_AUG_5005043.NASL", "SMB_NT_MS21_AUG_5005089.NASL", "SMB_NT_MS21_AUG_5005094.NASL", "SMB_NT_MS21_AUG_5005095.NASL", "SMB_NT_MS21_AUG_5005106.NASL", "SMB_NT_MS21_AUG_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_AUG_RDC.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:0F0ACCA731E84F3B1067935E483FC950", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "thn", "idList": ["THN:6428957E9DED493169A2E63839F98667", "THN:BABD510622DAA320F3F1F55EEDD7549A", "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "THN:F601EBBE359B3547B8E79F0217562FEF"]}, {"type": "threatpost", "idList": ["THREATPOST:53A062956C31459E2846CD4C959DFD49", "THREATPOST:84909E392F4171398A52202CCC4E215A", "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "THREATPOST:95B32358658F5FEFA1715F69C5D6051D", "THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F"]}, {"type": "zdi", "idList": ["ZDI-21-1053", "ZDI-21-963", "ZDI-21-964", "ZDI-21-965", "ZDI-21-966", "ZDI-21-967"]}, {"type": "zdt", "idList": ["1337DAY-ID-37625"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:D92D1688-7724-40C4-AD86-DF44F4611D40"]}, {"type": "avleonov", "idList": ["AVLEONOV:3530747E605445686B7211B2B0853579"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0490", "CPAI-2021-0491", "CPAI-2021-0493", "CPAI-2021-0508"]}, {"type": "cve", "idList": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"]}, {"type": "githubexploit", "idList": ["C9364BDE-48F8-5D2B-8852-D23E7FB2CDDC"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:C8077AF60F0E22ECAD33F23194C38BB6"]}, {"type": "hivepro", "idList": ["HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92"]}, {"type": "kaspersky", "idList": ["KLA12250", "KLA12259"]}, {"type": "krebs", "idList": ["KREBS:AE87E964E683A56CFE4E51E96F3530AD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26424", "MS:CVE-2021-26425", "MS:CVE-2021-26426", "MS:CVE-2021-26431", "MS:CVE-2021-26432", "MS:CVE-2021-26433", "MS:CVE-2021-34480", "MS:CVE-2021-34483", "MS:CVE-2021-34484", "MS:CVE-2021-34486", "MS:CVE-2021-34487", "MS:CVE-2021-34530", "MS:CVE-2021-34533", "MS:CVE-2021-34534", "MS:CVE-2021-34535", "MS:CVE-2021-34536", "MS:CVE-2021-34537", "MS:CVE-2021-36926", "MS:CVE-2021-36932", "MS:CVE-2021-36933", "MS:CVE-2021-36936", "MS:CVE-2021-36937", "MS:CVE-2021-36947", "MS:CVE-2021-36948"]}, {"type": "mskb", "idList": ["KB5005033"]}, {"type": "nessus", "idList": ["SMB_HOTFIXES.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0F0ACCA731E84F3B1067935E483FC950"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "thn", "idList": ["THN:6428957E9DED493169A2E63839F98667", "THN:F601EBBE359B3547B8E79F0217562FEF"]}, {"type": "threatpost", "idList": ["THREATPOST:8D4EA8B0593FD44763915E703BC9AB72"]}, {"type": "zdi", "idList": ["ZDI-21-963", "ZDI-21-964", "ZDI-21-965", "ZDI-21-966", "ZDI-21-967"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-26424", "epss": 0.01512, "percentile": 0.84984, "modified": "2023-05-07"}, {"cve": "CVE-2021-26425", "epss": 0.00044, "percentile": 0.10535, "modified": "2023-05-07"}, {"cve": "CVE-2021-26426", "epss": 0.00044, "percentile": 0.10535, "modified": "2023-05-07"}, {"cve": "CVE-2021-26431", "epss": 0.00053, "percentile": 0.19089, "modified": "2023-05-07"}, {"cve": "CVE-2021-26432", "epss": 0.01512, "percentile": 0.84984, "modified": "2023-05-07"}, {"cve": "CVE-2021-26433", "epss": 0.00284, "percentile": 0.63941, "modified": "2023-05-07"}, {"cve": "CVE-2021-34480", "epss": 0.60444, "percentile": 0.97212, "modified": "2023-05-07"}, {"cve": "CVE-2021-34483", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-34484", "epss": 0.00131, "percentile": 0.46548, "modified": "2023-05-07"}, {"cve": "CVE-2021-34486", "epss": 0.01158, "percentile": 0.82789, "modified": "2023-05-07"}, {"cve": "CVE-2021-34487", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-34530", "epss": 0.00527, "percentile": 0.7359, "modified": "2023-05-07"}, {"cve": "CVE-2021-34533", "epss": 0.00527, "percentile": 0.7359, "modified": "2023-05-07"}, {"cve": "CVE-2021-34534", "epss": 0.00524, "percentile": 0.73499, "modified": "2023-05-07"}, {"cve": "CVE-2021-34535", "epss": 0.01512, "percentile": 0.84984, "modified": "2023-05-07"}, {"cve": "CVE-2021-34536", "epss": 0.00043, "percentile": 0.07628, "modified": "2023-05-07"}, {"cve": "CVE-2021-34537", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-36926", "epss": 0.00284, "percentile": 0.63941, "modified": "2023-05-07"}, {"cve": "CVE-2021-36932", "epss": 0.00284, "percentile": 0.63941, "modified": "2023-05-07"}, {"cve": "CVE-2021-36933", "epss": 0.00284, "percentile": 0.63941, "modified": "2023-05-07"}, {"cve": "CVE-2021-36936", "epss": 0.01512, "percentile": 0.84984, "modified": "2023-05-07"}, {"cve": "CVE-2021-36937", "epss": 0.00527, "percentile": 0.7359, "modified": "2023-05-07"}, {"cve": "CVE-2021-36947", "epss": 0.01996, "percentile": 0.871, "modified": "2023-05-07"}, {"cve": "CVE-2021-36948", "epss": 0.00097, "percentile": 0.39144, "modified": "2023-05-07"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1684696727, "score": 1684678826, "epss": 0}, "_internal": {"score_hash": "76c4f1f4caec2ab1f7711bcbd7a5b053"}, "pluginID": "152431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152431);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26431\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005033\");\n script_xref(name:\"MSFT\", value:\"MS21-5005033\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431,\n CVE-2021-34483, CVE-2021-34484, CVE-2021-34486,\n CVE-2021-34487, CVE-2021-34536, CVE-2021-34537,\n CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005033-os-builds-19041-1165-19042-1165-and-19043-1165-b4c77d08-435a-4833-b9f7-e092372079a4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?526975a8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-08';\nvar kbs = make_list(\n '5005033'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19041,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19042,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19043,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply Cumulative Update KB5005033.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-36936", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-08-10T00:00:00", "vulnerabilityPublicationDate": "2021-08-10T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-18T15:32:18", "description": "The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005040.NASL", "href": "https://www.tenable.com/plugins/nessus/152422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152422);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005040\");\n script_xref(name:\"MSFT\", value:\"MS21-5005040\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005040-os-build-10240-19022-e8bbfa7a-1012-4e18-a2d7-8ae6a8acf8fb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cab780fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005040.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005040'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:10240,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005040])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005031: Windows 10 Version 1909 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005031.NASL", "href": "https://www.tenable.com/plugins/nessus/152430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005031\");\n script_xref(name:\"MSFT\", value:\"MS21-5005031\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005031: Windows 10 Version 1909 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005031-os-build-18363-1734-8af726da-a39b-417d-a5fb-670c42d69e78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?819616f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005031.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005031'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:18363,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005031])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005030.NASL", "href": "https://www.tenable.com/plugins/nessus/152435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152435);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005030\");\n script_xref(name:\"MSFT\", value:\"MS21-5005030\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005030-os-build-17763-2114-cec503ed-cc09-4641-bdc1-988153e0bd9a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34b43ea5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005030.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005030'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:17763,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005030])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:50", "description": "The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005043.NASL", "href": "https://www.tenable.com/plugins/nessus/152434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152434);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005043\");\n script_xref(name:\"MSFT\", value:\"MS21-5005043\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34487, CVE-2021-34536,\n CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005043-os-build-14393-4583-709d481e-b02a-4eb9-80d9-75c4b8170240\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5193663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005043.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005043'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:14393,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005043])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005106 or cumulative update 5005076. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005106: Windows Server 2012 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005106.NASL", "href": "https://www.tenable.com/plugins/nessus/152433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152433);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005076\");\n script_xref(name:\"MSKB\", value:\"5005106\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005076\");\n script_xref(name:\"MSFT\", value:\"MS21-5005106\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005106: Windows Server 2012 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005106\nor cumulative update 5005076. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005076-monthly-rollup-bf677fed-96d9-475e-87c1-a053fa75fef7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e0382f6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005106-security-only-update-d1ab5a34-55c1-4f66-8776-54a0c3bf40a7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57da6a50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005106 or Cumulative Update KB5005076.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005106',\n '5005076'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005106, 5005076])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005094 or cumulative update 5005099. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005094: Windows Server 2012 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005094.NASL", "href": "https://www.tenable.com/plugins/nessus/152421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152421);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005094\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005099\");\n script_xref(name:\"MSFT\", value:\"MS21-5005094\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005099\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005094: Windows Server 2012 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005094\nor cumulative update 5005099. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005094-security-only-update-276b95ad-c923-454c-8758-5b90175d86cc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed9c2c14\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005099-monthly-rollup-34a20feb-f899-4d10-91e0-d5ab32c4e009\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9af3c64c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005094 or Cumulative Update KB5005099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005099',\n '5005094'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005099, 5005094])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:06", "description": "The remote Windows host is missing security update 5005089 or cumulative update 5005088. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005089.NASL", "href": "https://www.tenable.com/plugins/nessus/152436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152436);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/30\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005088\");\n script_xref(name:\"MSKB\", value:\"5005089\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005088\");\n script_xref(name:\"MSFT\", value:\"MS21-5005089\");\n\n script_name(english:\"KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005089\nor cumulative update 5005088. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005089-security-only-update-28805642-8266-40f9-a2be-9003329f661c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?383d9541\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005088-monthly-rollup-69ec750d-30ee-4cbd-82eb-0b1ec2fd5f78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d931097\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005089 or Cumulative Update KB5005088.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005089',\n '5005088'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005089, 5005088])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005095 or cumulative update 5005090. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005095: Windows Server 2008 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005095.NASL", "href": "https://www.tenable.com/plugins/nessus/152425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152425);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005095\");\n script_xref(name:\"MSKB\", value:\"5005090\");\n script_xref(name:\"MSFT\", value:\"MS21-5005095\");\n script_xref(name:\"MSFT\", value:\"MS21-5005090\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005095: Windows Server 2008 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005095\nor cumulative update 5005090. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-36936, CVE-2021-36937,\n CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-36927)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005095-security-only-update-a324fdbb-ce90-4c4d-8d9d-e9f2f2a57e0e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de72daa6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005090-monthly-rollup-8feea9cd-25f9-41ef-b8e1-815211dc4e6c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?910509c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005095 or Cumulative Update KB5005090.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005095',\n '5005090'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005095, 5005090])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:21", "description": "The Windows Remote Desktop client for Windows installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code.", "cvss3": {}, "published": "2021-08-19T00:00:00", "type": "nessus", "title": "Remote Desktop client for Windows RCE (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_RDC.NASL", "href": "https://www.tenable.com/plugins/nessus/152669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152669);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/20\");\n\n script_cve_id(\"CVE-2021-34535\");\n\n script_name(english:\"Remote Desktop client for Windows RCE (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by a remote code\nexecution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows Remote Desktop client for Windows installed on the remote\nhost is affected by a remote code execution vulnerability. An attacker who\nsuccessfully exploited the vulnerability could execute arbitrary code.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2a45a5b\");\n # https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-122223\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb5c6218\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to client version 1.2.2223 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"remote_desktop_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Remote Desktop\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar appname = \"Microsoft Remote Desktop\";\n\nvar app_info = vcf::get_app_info(app:appname, win_local:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.2.2223.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:49", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a memory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-25T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_AUG_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/152432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152432);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/25\");\n\n script_cve_id(\"CVE-2021-34480\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005076\");\n script_xref(name:\"MSKB\", value:\"5005088\");\n script_xref(name:\"MSKB\", value:\"5005090\");\n script_xref(name:\"MSKB\", value:\"5005099\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005076\");\n script_xref(name:\"MSFT\", value:\"MS21-5005088\");\n script_xref(name:\"MSFT\", value:\"MS21-5005090\");\n script_xref(name:\"MSFT\", value:\"MS21-5005099\");\n\n script_name(english:\"Security Updates for Internet Explorer (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a\nmemory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute\narbitrary commands. (CVE-2021-34480)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005099\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5005036\n -KB5005076\n -KB5005088\n -KB5005090\n -KB5005099\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34480\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-08';\nvar kbs = make_list(\n '5005036',\n '5005076',\n '5005088',\n '5005090',\n '5005099'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && '8.1' >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif ('Vista' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.3', sp:0, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.2', sp:0, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.1', sp:1, file:'mshtml.dll', version:'11.0.9600.20091', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036') ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:'6.0', sp:2, file:'mshtml.dll', version:'9.0.8112.21581', min_version:'9.0.8112.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005036')\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5005036 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == '6.3')\n {\n report += ' - KB5005076 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005076', report);\n }\n else if(os == '6.2')\n {\n report += ' - KB5005099 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005099', report);\n }\n else if(os == '6.1')\n {\n report += ' - KB5005088 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005088', report);\n }\n else if(os == '6.0')\n {\n report += ' - KB5005090 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005090', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-05-27T14:57:59", "description": "### *Detect date*:\n08/10/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, cause denial of service, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2016 \nWindows RT 8.1 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nRemote Desktop client for Windows Desktop \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36948](<https://nvd.nist.gov/vuln/detail/CVE-2021-36948>) \n[CVE-2021-26424](<https://nvd.nist.gov/vuln/detail/CVE-2021-26424>) \n[CVE-2021-26433](<https://nvd.nist.gov/vuln/detail/CVE-2021-26433>) \n[CVE-2021-36945](<https://nvd.nist.gov/vuln/detail/CVE-2021-36945>) \n[CVE-2021-26432](<https://nvd.nist.gov/vuln/detail/CVE-2021-26432>) \n[CVE-2021-36926](<https://nvd.nist.gov/vuln/detail/CVE-2021-36926>) \n[CVE-2021-36942](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>) \n[CVE-2021-36947](<https://nvd.nist.gov/vuln/detail/CVE-2021-36947>) \n[CVE-2021-34487](<https://nvd.nist.gov/vuln/detail/CVE-2021-34487>) \n[CVE-2021-34530](<https://nvd.nist.gov/vuln/detail/CVE-2021-34530>) \n[CVE-2021-34480](<https://nvd.nist.gov/vuln/detail/CVE-2021-34480>) \n[CVE-2021-34534](<https://nvd.nist.gov/vuln/detail/CVE-2021-34534>) \n[CVE-2021-36927](<https://nvd.nist.gov/vuln/detail/CVE-2021-36927>) \n[CVE-2021-34486](<https://nvd.nist.gov/vuln/detail/CVE-2021-34486>) \n[CVE-2021-36932](<https://nvd.nist.gov/vuln/detail/CVE-2021-36932>) \n[CVE-2021-34533](<https://nvd.nist.gov/vuln/detail/CVE-2021-34533>) \n[CVE-2021-34537](<https://nvd.nist.gov/vuln/detail/CVE-2021-34537>) \n[CVE-2021-36937](<https://nvd.nist.gov/vuln/detail/CVE-2021-36937>) \n[CVE-2021-36936](<https://nvd.nist.gov/vuln/detail/CVE-2021-36936>) \n[CVE-2021-26425](<https://nvd.nist.gov/vuln/detail/CVE-2021-26425>) \n[CVE-2021-34483](<https://nvd.nist.gov/vuln/detail/CVE-2021-34483>) \n[CVE-2021-26431](<https://nvd.nist.gov/vuln/detail/CVE-2021-26431>) \n[CVE-2021-26426](<https://nvd.nist.gov/vuln/detail/CVE-2021-26426>) \n[CVE-2021-34536](<https://nvd.nist.gov/vuln/detail/CVE-2021-34536>) \n[CVE-2021-34484](<https://nvd.nist.gov/vuln/detail/CVE-2021-34484>) \n[CVE-2021-34535](<https://nvd.nist.gov/vuln/detail/CVE-2021-34535>) \n[CVE-2021-36933](<https://nvd.nist.gov/vuln/detail/CVE-2021-36933>) \n[CVE-2021-36938](<https://nvd.nist.gov/vuln/detail/CVE-2021-36938>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[4023814](<http://support.microsoft.com/kb/4023814>) \n[5005036](<http://support.microsoft.com/kb/5005036>) \n[5005031](<http://support.microsoft.com/kb/5005031>) \n[5005033](<http://support.microsoft.com/kb/5005033>) \n[5005030](<http://support.microsoft.com/kb/5005030>) \n[5005106](<http://support.microsoft.com/kb/5005106>) \n[5005040](<http://support.microsoft.com/kb/5005040>) \n[5005099](<http://support.microsoft.com/kb/5005099>) \n[5005043](<http://support.microsoft.com/kb/5005043>) \n[5005076](<http://support.microsoft.com/kb/5005076>) \n[5005094](<http://support.microsoft.com/kb/5005094>) \n[5011535](<http://support.microsoft.com/kb/5011535>) \n[5011564](<http://support.microsoft.com/kb/5011564>) \n[5011560](<http://support.microsoft.com/kb/5011560>) \n[5011527](<http://support.microsoft.com/kb/5011527>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "kaspersky", "title": "KLA12259 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36945", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-10-18T00:00:00", "id": "KLA12259", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12259/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:58:15", "description": "### *Detect date*:\n08/10/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2012 R2 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2016 \nWindows RT 8.1 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nRemote Desktop client for Windows Desktop \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-34533](<https://nvd.nist.gov/vuln/detail/CVE-2021-34533>) \n[CVE-2021-26424](<https://nvd.nist.gov/vuln/detail/CVE-2021-26424>) \n[CVE-2021-34537](<https://nvd.nist.gov/vuln/detail/CVE-2021-34537>) \n[CVE-2021-26425](<https://nvd.nist.gov/vuln/detail/CVE-2021-26425>) \n[CVE-2021-36936](<https://nvd.nist.gov/vuln/detail/CVE-2021-36936>) \n[CVE-2021-34483](<https://nvd.nist.gov/vuln/detail/CVE-2021-34483>) \n[CVE-2021-36937](<https://nvd.nist.gov/vuln/detail/CVE-2021-36937>) \n[CVE-2021-36942](<https://nvd.nist.gov/vuln/detail/CVE-2021-36942>) \n[CVE-2021-36947](<https://nvd.nist.gov/vuln/detail/CVE-2021-36947>) \n[CVE-2021-34484](<https://nvd.nist.gov/vuln/detail/CVE-2021-34484>) \n[CVE-2021-34535](<https://nvd.nist.gov/vuln/detail/CVE-2021-34535>) \n[CVE-2021-36927](<https://nvd.nist.gov/vuln/detail/CVE-2021-36927>) \n[CVE-2021-34480](<https://nvd.nist.gov/vuln/detail/CVE-2021-34480>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005090](<http://support.microsoft.com/kb/5005090>) \n[5005089](<http://support.microsoft.com/kb/5005089>) \n[5005036](<http://support.microsoft.com/kb/5005036>) \n[5005095](<http://support.microsoft.com/kb/5005095>) \n[5005088](<http://support.microsoft.com/kb/5005088>) \n[5011525](<http://support.microsoft.com/kb/5011525>) \n[5011534](<http://support.microsoft.com/kb/5011534>) \n[5011552](<http://support.microsoft.com/kb/5011552>) \n[5011529](<http://support.microsoft.com/kb/5011529>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "kaspersky", "title": "KLA12250 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-03-09T00:00:00", "id": "KLA12250", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12250/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2021-08-23T15:19:10", "description": "#### THREAT LEVEL: Red.\n\nFor a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/08/TA202129.pdf>)\n\nMultiple vulnerabilities have been patched by Microsoft in August 2021 Patch Tuesday. Three of them have been labeled as zero-day vulnerabilities (CVE-2021-36936, CVE-2021-36942, and CVE-2021-36948). One of them (CVE-2021-36948) has already been exploited in the wild. The attacker is yet to be identified. Microsoft has classified six vulnerabilities as critical, and patches for all of them are now available.\n\n#### Vulnerability Details\n\n![](https://www.hivepro.com/wp-content/uploads/2021/08/Screenshot-2021-08-11-172434.png) ![](https://www.hivepro.com/wp-content/uploads/2021/08/Screenshot-2021-08-11-172509.png)\n\n#### Patch Links\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34530>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34534>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>\n\n#### References\n\n<https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/>", "cvss3": {}, "published": "2021-08-11T13:25:48", "type": "hivepro", "title": "Critical Vulnerabilities revealed in Microsoft\u2019s Patch Tuesday", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-11T13:25:48", "id": "HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92", "href": "https://www.hivepro.com/critical-vulnerabilities-revealed-in-microsofts-patch-tuesday/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-25T14:28:59", "description": "THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While Proof-of-concept is been available for some time now, it is not been actively exploited in the wild. This Elevation of Privilege vulnerability was found by renowned researcher Abdelhamid Naceri and reported to Microsoft, which addressed it in their August 2021 release. Naceri noted that Microsoft's fix was incomplete soon after it was issued and presented a proof of concept (POC) that bypassed it on all Windows versions. That is when the 0patch team, published an unofficial security update for all Windows versions and made it available for free download to all registered users. Microsoft then patched this security flaw in their January 2022 release, tracking it as CVE-2022-21919. Naceri, on the other hand, discovered a way around this second patch. However, Microsoft's second attempt to fix the bug altered the "profext.dll" file, resulting in the removal of the unofficial workaround of 0patch from everyone who had installed the January 2022 Windows updates. Organizations could apply the 0patch unofficial patch to patch this vulnerability using the steps given below: 1. Update Windows 10 to the latest March 2022 patch.2. Create a free account in 0patch Central3. Install and register the 0patch Agent4. An automated micro-patching process will initiate to apply this patch. Potential MITRE ATT&CK TTPs are: TA0042: Resource DevelopmentT1588: Obtain CapabilitiesT1588.006: Obtain Capabilities: VulnerabilitiesTA0001: Initial AccessT1190: Exploit Public-Facing ApplicationTA0004: Privilege EscalationT1068: Exploitation for Privilege EscalationTA0005: Defense Evasion T1548: Abuse Elevation Control Mechanism Vulnerability Details References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21919 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34484 https://www.bleepingcomputer.com/news/microsoft/windows-zero-day-flaw-giving-admin-rights-gets-unofficial-patch-again/ https://blog.0patch.com/2022/03/a-bug-that-doesnt-want-to-die-cve-2021.html", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-25T13:56:19", "type": "hivepro", "title": "Microsoft\u2019s privilege escalation vulnerability that refuses to go away", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484", "CVE-2022-21919"], "modified": "2022-03-25T13:56:19", "id": "HIVEPRO:98B56CB60C0C2B248824B5ECAE47E387", "href": "https://www.hivepro.com/microsofts-privilege-escalation-vulnerability-that-refuses-to-go-away/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-30T07:42:21", "description": "For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 340 10 5 53 24 84 The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10 gained the attention of Threat Actors and security researchers worldwide. Among these 10, there was 1 which is undergoing reanalysis, and 2 were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 10 CVEs that require immediate action. Furthermore, we also observed five threat actor groups being highly active in the last week. The Lapsus$, a new extortion threat actor group had attacked popular organizations such as Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Octa, and Microsoft for data theft and destruction, was observed using the Redline info-stealer. Additionally, North Korean state hackers known as Lazarus group, was exploiting the zero-day vulnerability in Google Chrome's web browser (CVE-2022-0609). AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted 50+ organizations is currently exploiting Proxy Shell vulnerabilities (CVE-2021-31206, CVE-2021-31207, CVE-2021-34523, CVE-2021-34473, CVE-2021-26855). The threat actor APT35 aka Magic Hound, an Iranian-backed threat group is exploiting the Proxy Shell vulnerabilities to attack organizations across the globe. Another South Korean APT group DarkHotel was targeting the hospitality industry in China. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section below. Detailed Report: Interesting Vulnerabilities: Vendor CVEs Patch Link CVE-2021-34484 CVE-2022-21919 https://central.0patch.com/auth/login CVE-2022-0609* CVE-2022-1096* https://www.google.com/intl/en/chrome/?standalone=1 CVE-2021-31206 CVE-2021-31207 CVE-2021-34523 CVE-2021-34473 CVE-2021-26855 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31206 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 CVE-2022-0543 https://security-tracker.debian.org/tracker/CVE-2022-0543 Active Actors: Icon Name Origin Motive APT 35 (Magic Hound, Cobalt Illusion, Charming Kitten, TEMP.Beanie, Timberworm, Tarh Andishan, TA453, ITG18, Phosphorus, Newscaster) Iran Information theft and espionage AvosLocker Unknown Ecrime, Information theft, and Financial gain Lazarus Group (Labyrinth Chollima, Group 77, Hastati Group, Whois Hacking Team, NewRomanic Cyber Army Team, Zinc, Hidden Cobra, Appleworm, APT-C-26, ATK 3, SectorA01, ITG03) North Korea Information theft and espionage, Sabotage and destruction, Financial crime Lapsus$ (DEV-0537) Unknown Data theft and Destruction DarkHotel (APT-C-06, SIG25, Dubnium, Fallout Team, Shadow Crane, CTG-1948, Tungsten Bridge, ATK 52, Higaisa, TAPT-02, Luder) South Korea Information theft and espionage Targeted Location: Targeted Sectors: Common TTPs: TA0042: Resource Development TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion TA0006: Credential Access TA0007: Discovery TA0008: Lateral Movement TA0009: Collection TA0011: Command and Control TA0010: Exfiltration TA0040: Impact T1583: Acquire Infrastructure T1189: Drive-by Compromise T1059: Command and Scripting Interpreter T1098: Account Manipulation T1548: Abuse Elevation Control Mechanism T1548: Abuse Elevation Control Mechanism T1110: Brute Force T1010: Application Window Discovery T1021: Remote Services T1560: Archive Collected Data T1071: Application Layer Protocol T1048: Exfiltration Over Alternative Protocol T1485: Data Destruction T1583.001: Domains T1190: Exploit Public-Facing Application T1059.001: PowerShell T1547: Boot or Logon Autostart Execution T1134: Access Token Manipulation T1134: Access Token Manipulation T1110.003: Password Spraying T1083: File and Directory Discovery T1021.001: Remote Desktop Protocol T1560.003: Archive via Custom Method T1071.001: Web Protocols T1048.003: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1486: Data Encrypted for Impact T1583.006: Web Services T1133: External Remote Services T1059.005: Visual Basic T1547.006: Kernel Modules and Extensions T1134.002: Create Process with Token T1134.002: Create Process with Token T1056: Input Capture T1120: Peripheral Device Discovery T1021.002: SMB/Windows Admin Shares T1560.002: Archive via Library T1132: Data Encoding T1041: Exfiltration Over C2 Channel T1491: Defacement T1587: Develop Capabilities T1566: Phishing T1059.004: Unix Shell T1547.001: Registry Run Keys / Startup Folder T1547: Boot or Logon Autostart Execution T1564: Hide Artifacts T1056.004: Credential API Hooking T1057: Process Discovery T1021.004: SSH T1213: Data from Information Repositories T1132.001: Standard Encoding T1537: Transfer Data to Cloud Account T1491.001: Internal Defacement T1587.001: Malware T1566.001: Spearphishing Attachment T1059.003: Windows Command Shell T1547.009: Shortcut Modification T1547.006: Kernel Modules and Extensions T1564.001: Hidden Files and Directories T1056.001: Keylogging T1012: Query Registry T1005: Data from Local System T1001: Data Obfuscation T1561: Disk Wipe T1588: Obtain Capabilities T1199: Trusted Relationship T1203: Exploitation for Client Execution T1543: Create or Modify System Process T1547.001: Registry Run Keys / Startup Folder T1562: Impair Defenses T1003: OS Credential Dumping T1082: System Information Discovery T1074: Data Staged T1001.003: Protocol Impersonation T1561.001: Disk Content Wipe T1588.004: Digital Certificates T1078: Valid Accounts T1106: Native API T1543.003: Windows Service T1547.009: Shortcut Modification T1562.004: Disable or Modify System Firewall T1111: Two-Factor Authentication Interception T1016: System Network Configuration Discovery T1074.001: Local Data Staging T1573: Encrypted Channel T1561.002: Disk Structure Wipe T1588.006: Vulnerabilities T1053: Scheduled Task/Job T1133: External Remote Services T1543: Create or Modify System Process T1562.001: Disable or Modify Tools T1552: Unsecured Credentials T1033: System Owner/User Discovery T1056: Input Capture T1573.001: Symmetric Cryptography T1490: Inhibit System Recovery T1204: User Execution T1137: Office Application Startup T1543.003: Windows Service T1070: Indicator Removal on Host T1124: System Time Discovery T1056.004: Credential API Hooking T1008: Fallback Channels T1489: Service Stop T1204.002: Malicious File T1542: Pre-OS Boot T1068: Exploitation for Privilege Escalation T1070.004: File Deletion T1056.001: Keylogging T1105: Ingress Tool Transfer T1529: System Shutdown/Reboot T1047: Windows Management Instrumentation T1542.003: Bootkit T1055: Process Injection T1070.006: Timestomp T1571: Non-Standard Port T1053: Scheduled Task/Job T1055.001: Dynamic-link Library Injection T1036: Masquerading T1090: Proxy T1505: Server Software Component T1053: Scheduled Task/Job T1036.005: Match Legitimate Name or Location T1090.002: External Proxy T1505.003: Web Shell T1078: Valid Accounts T1027: Obfuscated Files or Information T1078: Valid Accounts T1027.006: HTML Smuggling T1027.002: Software Packing T1542: Pre-OS Boot T1542.003: Bootkit T1055: Process Injection T1055.001: Dynamic-link Library Injection T1218: Signed Binary Proxy Execution T1218.001: Compiled HTML File T1078: Valid Accounts T1497: Virtualization/Sandbox Evasion Threat Advisories: Microsoft\u2019s privilege escalation vulnerability that refuses to go away Google Chrome\u2019s second zero-day in 2022 Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities AvosLocker Ransomware group has targeted 50+ Organizations Worldwide North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability LAPSUS$ \u2013 New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung DarkHotel APT group targeting the Hospitality Industry in China New Threat Actor using Serpent Backdoor attacking French Entities Muhstik botnet adds another vulnerability exploit to its arsenal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-29T13:56:10", "type": "hivepro", "title": "Weekly Threat Digest: 21 \u2013 27 March 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26855", "CVE-2021-31206", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34484", "CVE-2021-34523", "CVE-2022-0543", "CVE-2022-0609", "CVE-2022-1096", "CVE-2022-21919"], "modified": "2022-03-29T13:56:10", "id": "HIVEPRO:E7F36EC1E4DCF018F94ECD22747B7093", "href": "https://www.hivepro.com/weekly-threat-digest-21-27-march-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-11-26T18:43:30", "description": "Hello everyone! Yet another news episode.\n\n## Microsoft's August Patch Tuesday\n\nLet's start with Microsoft's August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no plans to release a patch because PetitPotam was a "classic NTLM Relay Attack". But the patch was actually released as part of August Patch Tuesday.\n\nA [quote from Rapid7](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>): _"Tracked as CVE-2021-36942, the August 2021 Patch Tuesday security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through the LSARPC interface"_. \n\nThere are no formal signs that this vulnerability is critical other than comments from the vendors. My Vulristics tool has flagged this "Windows LSA Spoofing" as a Medium level Vulnerability. But this fix seems to be the most important thing in this Patch Tuesday. So install this patch first.\n\nSpeaking of other vulnerabilities. There was nothing critical. No vulnerabilities with public exploits. Only one vulnerability that has been exploited in the wild, CVE-2021-36948 \u2013 Windows Update Medic Service Elevation of Privilege. But this is EoP and there are no public exploits yet, so I think you can patch it as planned without hurry.\n\nSeveral potentially dangerous RCEs:\n\n * Windows Print Spooler (CVE-2021-36936, CVE-2021-36947). They look similar to PrintNightmare, but there are no details yet.\n * Windows TCP/IP (CVE-2021-26424) and Remote Desktop Client (CVE-2021-34535). Such vulnerabilities rarely get public exploits.\n * NFS ONCRPC XDR Driver (CVE-2021-26432). Nothing is clear at all.\n\nIn general, it looks like a ptetty calm Patch Tuesday. If you're interested, a link to the Vulristics report: In general, it looks like a ptetty calm Patch Tuesday. If you're interested, a link to the Vulristics report: [ms_patch_tuesday_august2021](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2021_report_avleonov_comments.html>)\n\n## Phishers started using reCAPTCHA\n\nFunny news that I really liked. [Phishers started using reCAPTCHA](<https://threatpost.com/cyberattackers-captchas-phishing-malware/168684/>) to bypass the automatic detection of phishing sites. The script only sees the safe page with a CAPTCHA and can't solve it. But a real person just solves it without thinking, because people used to seeing and solving such CAPTCHAs, and see the complete phishing site. It's very simple and ingenious! \n\n## Scan one IP and go to the prison\n\nAnd the last will be [a local news from Russia](<https://www.rbc.ru/technology_and_media/17/08/2021/611a95059a7947e9bf954a8f>). But the case is interesting. One guy worked in the tech support of some internet provider. And he decided to scan the network of this provider, detect misconfigured routers of the clients and inform them about the found vulnerabilities. His boss knew about it. Unfortunatelly, these clients included some government scientific research-to-production facility with a mail server available on the scanned IP. This facility is a \u201ccritical infrastructure\u201d object and the actions of a support technician are classified as an attack on critical infrastructure. He can spend up to 7 years in prison. Why he personally and not his employer? That guy worked remotelly from home and scanned from his personal IP address.\n\nA pretty crazy story, but it shows the cirumstances of "penetration testing" or "bughunting" without getting all necessery formal permissions. It also shows how, in theory, a person could be easily framed as an attacker if that person's personal device is compromised. Also, I don't think port scanning or banner grabbing is actually an attack, IMHO this is normal network activity. And I don't think that checking the default passwords is always an attack, but it is a topic for discussion. In fact it doesn't matter what I or we think, it's only law enforcement practice that matters, and that practice can be pretty harsh. So keep that in mind and don't scan the unknown hosts that don't belong to you unless you want sudden problems.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-19T21:38:46", "type": "avleonov", "title": "Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-19T21:38:46", "id": "AVLEONOV:3530747E605445686B7211B2B0853579", "href": "https://avleonov.com/2021/08/20/security-news-microsoft-patch-tuesday-august-2021-phishers-started-using-recaptcha-scan-1-ip-and-go-to-jail/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-23T12:23:39", "description": "Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2022 and new improvements in my [Vulristics](<https://github.com/leonov-av/vulristics>) project. I decided to add more comment sources. Because it's not just Tenable, Qualys, Rapid7 and ZDI make Microsoft Patch Tuesday reviews, but also other security companies and bloggers. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239085>\n\nYou can see them in my automated security news telegram channel [avleonovnews](<https://t.me/avleonovnews>) after every second Tuesday of the month. So, now you can add any links with CVE comments to Vulristics.\n\nFor April Patch Tuesday I will add these sources:\n\n * [Kaspersky](<https://www.kaspersky.com/blog/microsoft-patches-128-vulnerabilities/44099/>)\n * [KrebsOnSecurity](<https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/>)\n * [ComputerWeekly](<https://www.computerweekly.com/news/252515909/Microsoft-patches-two-zero-days-10-critical-bugs>)\n * [TheHackersNews](<https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html>)\n * [Threatpost](<https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/>)\n\nLet's see if they highlight different sets of vulnerabilities.\n \n \n $ cat comments_links.txt\n Qualys|April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical.|https://blog.qualys.com/vulnerabilities-threat-research/2022/04/12/april-2022-patch-tuesday\n ZDI|THE APRIL 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/4/11/the-april-2022-security-update-review\n Kaspersky|A bunch of vulnerabilities in Windows, one already exploited|https://www.kaspersky.com/blog/microsoft-patches-128-vulnerabilities/44099/\n KrebsOnSecurity|Microsoft Patch Tuesday, April 2022 Edition|https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/\n ComputerWeekly|Microsoft patches two zero-days, 10 critical bugs|https://www.computerweekly.com/news/252515909/Microsoft-patches-two-zero-days-10-critical-bugs\n TheHackersNews|Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities|https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html\n Threatpost|Microsoft Zero-Days, Wormable Bugs Spark Concern|https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/\n\nI have also added links to [Qualys](<https://blog.qualys.com/vulnerabilities-threat-research/2022/04/12/april-2022-patch-tuesday>) and [ZDI](<https://www.zerodayinitiative.com/blog/2022/4/11/the-april-2022-security-update-review>) blogposts. Qualys didn't fix their blog search (apparently no one uses it). ZDI don't have a blog search, and duckduckgo stopped indexing them properly. \n\nIn addition, Tenable closed access to their [tenable.com](<http://tenable.com>). This is rather ironic considering that [Russian Tenable Security Day](<https://tenable-day.tiger-optics.ru/>) took place on February 10, 2022, just two months ago. [I participated in it](<https://www.youtube.com/watch?v=V5T3ftcFwdY>). It was a formal event with [Tenable's EMEA CTO and Regional Manager](<https://t.me/avleonovcom/961>). And now we are not talking about any support, updates and licenses for Russian companies and individuals, but even about access to the Tenable website. This is how the situation can change rapidly, if you trust Western vendors. Try not to do this.\n\nBut in any case, you can still use the Tenable blog as a source of comments about Patch Tuesday vulnerabilities. I have added socks proxy support to Vulristics.\n \n \n vulners_key = \"SFKJKEWRID2JFIJ...AAK3DHKSJD\"\n proxies = {\n 'http': \"socks5://<host>:<port>\",\n 'https': \"socks5://<host>:<port>\"\n }\n\nI run the command like this:\n \n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"April\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n\nJust like last month, I'm taking into account not only the vulnerabilities published on April 11 (117 CVEs), but also all the vulnerabilities since last Patch Tuesday (40 CVEs). There are a total of 157 CVEs in the report.\n \n \n MS PT Year: 2022\n MS PT Month: April\n MS PT Date: 2022-04-12\n MS PT CVEs found: 117\n Ext MS PT Date from: 2022-03-09\n Ext MS PT Date to: 2022-04-11\n Ext MS PT CVEs found: 40\n ALL MS PT CVEs: 157\n\n * Critical: 5\n * High: 51\n * Medium: 91\n * Low: 10\n\nLet's start with the critical ones:\n\n * **Elevation of Privilege** - Windows Common Log File System Driver ([CVE-2022-24521](<https://vulners.com/cve/CVE-2022-24521>)). Exploitation in the wild is mentioned in AttackerKB and Microsoft. Public exploit is mentioned by Microsoft in CVSS Temporal Score (Functional Exploit). Since this vulnerability only allows a privilege escalation, it is likely paired with a separate code execution bug. This vulnerability was reported by the US National Security Agency.\n * **Remote Code Execution** - Remote Procedure Call Runtime ([CVE-2022-26809](<https://vulners.com/cve/CVE-2022-26809>)). An unauthenticated, remote attacker could exploit this vulnerability by sending \u201ca specially crafted RPC call to an RPC host.\u201d The vulnerability could allow a remote attacker to execute code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machine where RPC can be reached. A proof of concept of this vulnerability [is available on giithub](<https://github.com/XmasSnow1/cve-2022-26809>). Other RCEs in RPC ([CVE-2022-24492](<https://vulners.com/cve/CVE-2022-24492>), [CVE-2022-24528](<https://vulners.com/cve/CVE-2022-24528>)) were also classified as Critical, but this is due to misattribution of exploits. The only exploitable is [CVE-2022-26809](<https://vulners.com/githubexploit/706a6eeb-1d07-53eb-8455-f7809863dadc>). \n * ****Remote Code Execution**** - Microsoft Edge ([CVE-2022-1096](<https://vulners.com/cve/CVE-2022-1096>)). In Vulristics report it was detected as **Unknown Vulnerability Type** because it's impossible to detect vulnerability type by description. "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2022-1096 exists in the wild." In fact it is a well-known 0day RCE in Chrome, that affected all other Chromium-based browsers. Exploitation in the wild is mentioned in AttackerKB. The Vulristics report states that "Public exploit is found at Vulners". However, it's just a "Powershell script that dumps Chrome and Edge version to a text file in order to determine if you need to update due to CVE-2022-1096". Yes, it is difficult to determine what exactly was uploaded on github.\n\nNow let's see the most interesting vulnerabilities with the High level.\n\n * **Elevation of Privilege** - Windows User Profile Service ([CVE-2022-26904](<https://vulners.com/cve/CVE-2022-26904>)). This vulnerability supposed to have been fixed in the August 2021 update, when it was tracked as CVE-2021-34484. However, the researcher who discovered it later discovered a bypass, and then when that was fixed again in January, he went and bypassed it a second time. Not only is PoC out there for it, there\u2019s a [Metasploit module](<https://vulners.com/metasploit/msf:exploit/windows/local/cve_2022_26904_superprofile/>) as well. This privilege escalation vulnerability allows an attacker to gain code execution at SYSTEM level on affected systems. The vulnerability relies on winning a race condition, which can be tricky to reliably achieve.\n * **Information Disclosure** - Windows Kernel ([CVE-2022-24483](<https://vulners.com/cve/CVE-2022-24483>)). Little is known about this vulnerability and no one has highlighted this vulnerability, but there is a [PoC for it on github](<https://github.com/waleedassar/CVE-2022-24483>).\n * **Remote Code Execution** - Windows DNS Server ([CVE-2022-26812](<https://vulners.com/cve/CVE-2022-26812>), [CVE-2022-26814](<https://vulners.com/cve/CVE-2022-26814>), [CVE-2022-26829](<https://vulners.com/cve/CVE-2022-26829>)). Also, no one highlighted this vulnerability. Public exploit is mentioned by Microsoft in CVSS Temporal Score (Proof-of-Concept Exploit). There were 18(!) DNS Server bugs receiving patches this month.\n\nFor the remaining vulnerabilities, there is neither a sign of exploitation in the wild, nor a sign of a public exploit. Let's see the most interesting ones.\n\n * **Remote Code Execution** - Windows SMB ([CVE-2022-24500](<https://vulners.com/cve/CVE-2022-24500>)). This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. Exploitability Assessment: Exploitation Less Likely. **Remote Code Execution** - Windows Kernel ([CVE-2022-24541](<https://vulners.com/cve/CVE-2022-24541>)) is actually a similar SMB vulnerability as well.\n * **Remote Code Execution** - Windows Network File System ([CVE-2022-24491](<https://vulners.com/cve/CVE-2022-24491>), [CVE-2022-24497](<https://vulners.com/cve/CVE-2022-24497>)). An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution. NOTE: This vulnerability is only exploitable for systems that have the NFS role enabled. Exploitability Assessment: Exploitation More Likely.\n\nAs you can see, additional sources of comments actually repeat everything that ZDI, Qualys, Rapid7 and Tenable highlight, but sometimes they add interesting details about vulnerabilities.\n\nThe full report is available: [ms_patch_tuesday_april2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_april2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-23T09:22:32", "type": "avleonov", "title": "Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484", "CVE-2022-1096", "CVE-2022-24483", "CVE-2022-24491", "CVE-2022-24492", "CVE-2022-24497", "CVE-2022-24500", "CVE-2022-24521", "CVE-2022-24528", "CVE-2022-24541", "CVE-2022-26809", "CVE-2022-26812", "CVE-2022-26814", "CVE-2022-26829", "CVE-2022-26904"], "modified": "2022-04-23T09:22:32", "id": "AVLEONOV:535BC5E36A5D2C8F60753A2CD4676692", "href": "https://avleonov.com/2022/04/23/microsoft-patch-tuesday-april-2022-and-custom-cve-comments-sources-in-vulristics/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-08-11T19:56:07", "description": "Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that\u2019s listed as a zero-day that has been exploited in the wild.\n\nOf note, there are 17 elevation-of-privilege (EoP) vulnerabilities, 13 remote code-execution (RCE) issues, eight information-disclosure flaws and two denial-of-service (DoS) bugs.\n\nThe update also includes patches for three more Print Spooler bugs, familiar from the PrintNightmare saga.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/>)\n\n\u201cFortunately, it was a lighter month than usual,\u201d said Eric Feldman, senior product marketing manager at Automox, in a [Patch Tuesday analysis](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>) from the vendor. \u201cThis represents a 56 percent reduction in overall vulnerabilities from July, and 33 percent fewer vulnerabilities on average for each month so far this year. We have also seen a similar reduction in critical vulnerabilities this month, with 30 percent less compared to the monthly average.\u201d\n\n## **Windows Critical Security Vulnerabilities**\n\nThe seven critical bugs [addressed in August](<https://msrc.microsoft.com/update-guide/>) are as follows:\n\n * CVE-2021-26424 \u2013 Windows TCP/IP RCE Vulnerability\n * CVE-2021-26432 \u2013 Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability\n * CVE-2021-34480 \u2013 Scripting Engine Memory Corruption Vulnerability\n * CVE-2021-34530 \u2013 Windows Graphics Component RCE Vulnerability\n * CVE-2021-34534 \u2013 Windows MSHTML Platform RCE Vulnerability\n * CVE-2021-34535 \u2013 Remote Desktop Client RCE Vulnerability\n * CVE-2021-36936 \u2013 Windows Print Spooler RCE Vulnerability\n\nThe bug tracked as **CVE-2021-26424** exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\n\u201cDespite its CVSS rating of 9.9, this may prove to be a trivial bug, but it\u2019s still fascinating,\u201d said Dustin Childs of Trend Micro\u2019s Zero Day Initiative (ZDI) in his [Tuesday analysis](<https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review>). \u201cAn attacker on a guest Hyper-V OS could execute code on the host Hyper-V server by sending a specially crafted IPv6 ping. This keeps it out of the wormable category. Still, a successful attack would allow the guest OS to completely take over the Hyper-V host. While not wormable, it\u2019s still cool to see new bugs in new scenarios being found in protocols that have been around for years.\u201d\n\nThe next bug, **CVE-2021-26432** in Windows Services, is more likely to be exploited given its low complexity status, according to Microsoft\u2019s advisory; it doesn\u2019t require privileges or user interaction to exploit, but Microsoft offered no further details.\n\n\u201cThis may fall into the \u2018wormable\u2019 category, at least between servers with NFS installed, especially since the open network computing remote procedure call (ONCRPC) consists of an External Data Representation (XDR) runtime built on the Winsock Kernel (WSK) interface,\u201d Childs said. \u201cThat certainly sounds like elevated code on a listening network service. Don\u2019t ignore this patch.\u201d\n\nAleks Haugom, product marketing manager at Automox, added, \u201cExploitation results in total loss of confidentiality across all devices managed by the same security authority. Furthermore, attackers can utilize it for denial-of-service attacks or to maliciously modify files. So far, no further details have been divulged by Microsoft or the security researcher (Liubenjin from Codesafe Team of Legendsec at Qi\u2019anxin Group) that discovered this vulnerability. Given the broad potential impact, its label \u2018Exploitation More Likely\u2019 and apparent secrecy, patching should be completed ASAP.\u201d\n\nMeanwhile, the memory-corruption bug (**CVE-2021-34480**) arises from how the scripting engine handles objects in memory, and it also allows RCE. Using a web-based attack or a malicious file, such as a malicious landing page or phishing email, attackers can use this vulnerability to take control of an affected system, install programs, view or change data, or create new user accounts with full user rights.\n\n\u201cCVE-2021-34480 should also be a priority,\u201d Kevin Breen, director of cyber-threat research at Immersive Labs, told Threatpost. \u201cIt is a low score in terms of CVSS, coming in at 6.8, but has been marked by Microsoft as \u2018Exploitation More Likely\u2019 because it is the type of attack commonly used to increase the success rate of spear phishing attacks to gain network access. Simple, but effective.\u201d\n\nThe Windows Graphic Component bug (**CVE-2021-34530**) allows attackers to remotely execute malicious code in the context of the current user, according to Microsoft \u2013 if they can social-engineer a target into opening a specially crafted file.\n\nAnother bug exists in the Windows MSHTML platform, also known as Trident (**CVE-2021-34534**). Trident is the rendering engine (mshtml.dll) used by Internet Explorer. The bug affects many Windows 10 versions (1607, 1809,1909, 2004, 20H2, 21H1) as well as Windows Server 2016 and 2019.\n\nBut while it potentially affects a large number of users, exploitation is not trivial.\n\n\u201cTo exploit, a threat actor would need to pull off a highly complex attack with user interaction \u2013 still entirely possible with the sophisticated attackers of today,\u201d said Peter Pflaster, technical product marketing manager at Automox.\n\nThe bug tracked as **CVE-2021-34535** impacts the Microsoft Remote Desktop Client, Microsoft\u2019s nearly ubiquitous utility for connecting to remote PCs.\n\n\u201cWith today\u2019s highly dispersed workforce, CVE-2021-34535, an RCE vulnerability in Remote Desktop Clients, should be a priority patch,\u201d said Breen. \u201cAttackers increasingly use RDP access as the tip of the spear to gain network access, often combining it with privilege escalation to move laterally. These can be powerful as, depending on the method, it may allow the attacker to authenticate in the network in the same way a user would, making detection difficult.\u201d\n\nIt\u2019s not as dangerous of a bug [as BlueKeep,](<https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/>) according to Childs, which also affected RDP.\n\n\u201cBefore you start having flashbacks to BlueKeep, this bug affects the RDP client and not the RDP server,\u201d he said. \u201cHowever, the CVSS 9.9 bug is nothing to ignore. An attacker can take over a system if they can convince an affected RDP client to connect to an RDP server they control. On Hyper-V servers, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer. This is the more likely scenario and the reason you should test and deploy this patch quickly.\u201d\n\n## **Windows Print Spooler Bugs \u2013 Again**\n\nThe final critical bug is **CVE-2021-36936**, a Windows Print Spooler RCE bug that\u2019s listed as publicly known.\n\nPrint Spooler made headlines last month, when Microsoft patched what it thought was a minor elevation-of-privilege vulnerability in the service (CVE-2021-1675). But the listing was updated later in the week, after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE \u2013 [requiring a new patch](<https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/>).\n\nIt also disclosed a second bug, similar to PrintNightmare (CVE-2021-34527); and a third, [an EoP issue](<https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/>) ([CVE-2021-34481](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>)).\n\n\u201cAnother month, another remote code-execution bug in the Print Spooler,\u201d said ZDI\u2019s Childs. \u201cThis bug is listed as publicly known, but it\u2019s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own. There are quite a few print-spooler bugs to keep track of. Either way, attackers can use this to execute code on affected systems. Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this critical-rated bug.\u201d\n\nThe critical vulnerability is just one of three Print Spooler issues in the August Patch Tuesday release.\n\n\u201cThe specter of the PrintNightmare continues to haunt this patch Tuesday with three more print spooler vulnerabilities, CVE-2021-36947, CVE-2021-36936 and CVE-2021-34481,\u201d said Breen. \u201cAll three are listed as RCE over the network, requiring a low level of access, similar to PrintNightmare. Microsoft has marked these as \u2018Exploitation More Likely\u2019 which, if the previous speed of POC code being published is anything to go by, is certainly true.\u201d\n\n## **RCE Zero-Day in Windows Update Medic Service **\n\nThe actively exploited bug is tracked as **CVE-2021-36948** and is rated as important; it could pave the way for RCE via the Windows Update Medic Service in Windows 10 and Server 2019 and newer operating systems.\n\n\u201cUpdate Medic is a new service that allows users to repair Windows Update components from a damaged state such that the device can continue to receive updates,\u201d Automox\u2019 Jay Goodman explained. \u201cThe exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversary\u2019s toolbox.\u201d\n\nImmersive\u2019s Breen added, \u201cCVE-2021-36948 is a privilege-escalation vulnerability \u2013 the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts. In the case of ransomware attacks, they have also been used to ensure maximum damage.\u201d\n\nThough the bug is being reported as being exploited in the wild by Microsoft, activity appears to remain limited or targeted: \u201cWe have seen no evidence of it at Kenna Security at this time,\u201d Jerry Gamblin, director of security research at Kenna Security (now part of Cisco) told Threatpost.\n\n## **Publicly Known Windows LSA Spoofing Bug**\n\nThe second publicly known bug (after the Print Spooler issue covered earlier) is tracked as **CVE-2021-36942**, and it\u2019s an important-rated Windows LSA (Local Security Authority) spoofing vulnerability.\n\n\u201cIt fixes a flaw that could be used to steal NTLM hashes from a domain controller or other vulnerable host,\u201d Immersive\u2019s Breen said. \u201cThese types of attacks are well known for lateral movement and privilege escalation, as has been demonstrated recently by a [new exploit called PetitPotam](<https://threatpost.com/microsoft-petitpotam-poc/168163/>). It is a post-intrusion exploit \u2013 further down the attack chain \u2013 but still a useful tool for attackers.\u201d\n\nChilds offered a bit of context around the bug.\n\n\u201cMicrosoft released this patch to further protect against NTLM relay attacks by issuing this update to block the LSARPC interface,\u201d he said. \u201cThis will impact some systems, notably Windows Server 2008 SP2, that use the EFS API OpenEncryptedFileRawA function. You should apply this to your Domain Controllers first and follow the additional guidance in [ADV210003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>) and [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>). This has been an ongoing issue since 2009, and, likely, this isn\u2019t the last we\u2019ll hear of this persistent issue.\u201d\n\nMicrosoft\u2019s next Patch Tuesday will fall on September 14.\n\n![Threatpost Webinar Series ](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/27093135/threatpost-webinar-300x51.jpg)Worried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T21:17:58", "type": "threatpost", "title": "Actively Exploited Windows Zero-Day Gets a Patch", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-10T21:17:58", "id": "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "href": "https://threatpost.com/exploited-windows-zero-day-patch/168539/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-15T21:22:00", "description": "A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content.\n\nThat\u2019s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be.\n\nThe high-severity privilege-escalation issue is rated 7.1 out of 10 on the CVSS vulnerability-severity scale.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/11/10110941/Uptycs-November-Article-Promo-300x300.jpg)](<https://threatpost.com/webinars/multi-cloud-security-and-visibility-an-intro-to-osquery-and-cloudquery/?utm_source=uptycs&utm_medium=email&utm_campaign=event&utm_id=uptycs&utm_term=nov_event&utm_content=IA>)\n\nRegister now for our LIVE event!\n\n\u201c[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,\u201d according to Intel\u2019s advisory, [issued last week](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html>).\n\nIn terms of scope, the vulnerability affects the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These chips power laptops, mobile devices, embedded systems, medical devices and a variety of internet of things (IoT) offerings.\n\n\u201cAccording to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom E3900 series IoT processors, which also contain the CVE-2021-0146 vulnerability, are used by car manufacturers in more than 30 models, including, according to unofficial sources, in Tesla\u2019s Model 3,\u201d PT noted in a writeup shared with Threatpost.\n\nTo address the issue, users should install the [UEFI BIOS](<https://threatpost.com/intel-security-holes-cpus-bluetooth-security/166747/>) updates published by manufacturers of each piece of electronic equipment. The following processor models are affected:\n\n![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/11/15150632/Intel-chip-bug.png)\n\nSource: Intel.\n\n## **CVE-2021-0146 Impact for End Users**\n\nWhen it comes to impact, an exploit would allow cybercriminals to extract a device\u2019s encryption key and gain access to information.\n\n\u201cOne example of a real threat is lost or stolen laptops that contain confidential information in encrypted form,\u201d said Mark Ermolov, a PT researcher who was credited with discovering the bug (along with PT\u2019s Dmitry Sklyarov and independent researcher Maxim Goryachy).\n\nThe vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel\u2019s Platform Trust Technology and Enhanced Privacy ID technologies, which are used to protect digital content from illegal copying, Ermolov added\n\n\u201cFor example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management,\u201d he explained. \u201cUsing this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy and distribute them.\u201d\n\nAdditionally, an exploit could allow cyberattackers to conduct targeted attacks across the supply chain, Ermolov noted.\n\n\u201cFor example, an employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect,\u201d he said.\n\n**_Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, _**[**_\u201cPassword Reset: Claiming Control of Credentials to Stop Attacks,\u201d_**](<https://bit.ly/3bBMX30>) **_on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops._**\n\n[**_Register NOW_**](<https://bit.ly/3bBMX30>)_** for the LIVE event!**_\n", "cvss3": {}, "published": "2021-11-15T20:52:27", "type": "threatpost", "title": "High-Severity Intel Processor Bug Exposes Encryption Keys", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-0146", "CVE-2021-34484"], "modified": "2021-11-15T20:52:27", "id": "THREATPOST:53A062956C31459E2846CD4C959DFD49", "href": "https://threatpost.com/intel-processor-bug-encryption-keys/176355/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-15T21:22:03", "description": "A partially unpatched security bug in Windows that could allow local privilege escalation from a regular user to System remains unaddressed fully by Microsoft \u2013 but an unofficial micropatch from oPatch has hit the scene.\n\nThe bug ([CVE-2021-34484](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34484>)) was originally disclosed and patched as part of Microsoft\u2019s [August Patch Tuesday updates](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>). At the time, it was categorized as an arbitrary directory-deletion issue that was considered low-priority because an attacker would need to locally log into the targeted computer to exploit it, which, in theory, would allow the adversary to delete file folders anyway.\n\nHowever, the security researcher who discovered it, Abdelhamid Naceri, [soon uncovered](<https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html>) that it could also be used for privilege escalation, which is a whole other ball of wax. System-level users have access to resources, databases and servers on other parts of the network.\n\nAbdelhamid also took a look at Microsoft\u2019s original patch, subsequently finding a bypass for it via a simple tweak to the exploit code he had developed, essentially reverting it to zero-day status.\n\n> CVE-2021-34484 bypass as 0day<https://t.co/W0gnYHxJ6B>\n> \n> \u2014 Abdelhamid Naceri (@KLINIX5) [October 22, 2021](<https://twitter.com/KLINIX5/status/1451558296872173577?ref_src=twsrc%5Etfw>)\n\n\u201cThe vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user\u2019s original profile folder is damaged or locked for some reason,\u201d explained 0Patch\u2019s Mitja Kolsek in a [Thursday writeup](<https://blog.0patch.com/2021/11/micropatching-incompletely-patched.html>) . \u201cAbdelhamid found that the process (executed as Local System) of copying folders and files from user\u2019s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker\u2019s DLL.\u201d\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/11/10110941/Uptycs-November-Article-Promo-300x300.jpg)](<https://threatpost.com/webinars/multi-cloud-security-and-visibility-an-intro-to-osquery-and-cloudquery/?utm_source=uptycs&utm_medium=email&utm_campaign=event&utm_id=uptycs&utm_term=nov_event&utm_content=IA>)\n\nRegister now for our LIVE event!\n\nThe exploit is straightforward: An attacker would create a specially crafted symbolic link (essentially, a shortcut link that points to a specific file or folder), then would need to save it in the temporary user profile folder (C:\\Users\\TEMP).\n\nThen, when the User Profile Service copies a folder from user\u2019s original profile folder as described by Kolsek, the symbolic link will force it to create a folder containing a malicious library (DLL) payload somewhere else where the attacker would normally not have permissions to create one.\n\n\u201cMicrosoft, even though believing the vulnerability only allowed for deletion of an arbitrarily \u2018symlinked\u2019 folder, made a conceptually correct fix: it checked whether the destination folder under C:\\Users\\TEMP was a symbolic link, and aborted the operation if so,\u201d explained Kolsek. \u201cThe incompleteness of this fix, as noticed by Abdelhamid, was in the fact that the symbolic link need not be in the upper-most folder (which Microsoft\u2019s fix checked), but in any folder along the destination path.\u201d\n\nThe micropatch fixes this by extending the security check for symbolic links to the entire destination path by calling the \u201cGetFinalPathNameByHandle\u201d function.\n\nIt should be noted that a workable exploit also requires attackers to be able to win a race condition (with unlimited attempts) since the system will be attempting to perform two operations (one malicious, one legitimate) at the same time. Also, even though Abdelhamid said that \u201cit might be possible to [exploit] without knowing someone [else\u2019s] password,\u201d so far, having user credentials for the targeted computer remains an obstacle, Kolsek noted.\n\nThe bug affects Windows 10 (both 32 and 64 bit), versions v21H1, v20H2, v2004 and v1909; and Windows Server 2019 64 bit.\n\nMicrosoft hasn\u2019t released a timeline for updating its official patch and didn\u2019t immediately respond to a request for comment.\n\n**_Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, _**[**_\u201cPassword Reset: Claiming Control of Credentials to Stop Attacks,\u201d_**](<https://bit.ly/3bBMX30>) **_on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops._**\n\n[**_Register NOW_**](<https://bit.ly/3bBMX30>)_** for the LIVE event!**_\n", "cvss3": {}, "published": "2021-11-12T19:49:05", "type": "threatpost", "title": "Windows 10 Privilege-Escalation Zero-Day Gets Unofficial Fix", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-0146", "CVE-2021-34484"], "modified": "2021-11-12T19:49:05", "id": "THREATPOST:84909E392F4171398A52202CCC4E215A", "href": "https://threatpost.com/windows-10-privilege-escalation-zero-day-unofficial-fix/176313/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-15T21:22:33", "description": "Newly surfaced malware that is difficult to detect and written in Google\u2019s open-source programming language has the potential to [exploit millions](<https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/>) of routers and [IoT devices](<https://threatpost.com/iot-attacks-doubling/169224/>), researchers have found.\n\nDiscovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different vulnerabilities to attack a target, Ofer Caspi, a security researcher at Alien Labs, wrote in a [blog post](<https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits>) published Thursday.\n\nThe malware, which is written in [Golang](<https://golang.org/>)\u2014a language Google first published in 2007\u2013works by creating a backdoor to the device. It then waits to either receive a target to attack from a remote operator through port 19412 or from another related module running on the same machine, he wrote.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/11/10110941/Uptycs-November-Article-Promo-300x300.jpg)](<https://threatpost.com/webinars/multi-cloud-security-and-visibility-an-intro-to-osquery-and-cloudquery/?utm_source=uptycs&utm_medium=email&utm_campaign=event&utm_id=uptycs&utm_term=nov_event&utm_content=IA>)\n\nRegister now for our LIVE event!\n\nGolang, also known as Go, is aimed at simplifying how software is built by making it easy for developers to compile the same code for different systems. This feature may be the reason why it\u2019s caught on with malware developers in the last few years, since it also makes it easier for attackers to spread malware on multiple operating systems, Caspi wrote.\n\nIndeed, [research from Intezer](<https://www.intezer.com/blog/malware-analysis/year-of-the-gopher-2020-go-malware-round-up/>), which offers a platform for analyzing malware, suggests that there has been a 2,000 percent increase in malware code written in Go being found in the wild, he wrote.\n\nResearchers said at this time they don\u2019t know which threat actor or actors developed BotenaGo, nor the full scale of devices that are vulnerable to the malware. So far, antivirus protections also don\u2019t seem to recognize the malware, sometimes misidentifying it as a [variant of Mirai malware](<https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/>), Caspi wrote.\n\n## **Setting Up the Attack**\n\nBotenaGo commences its work with some exploratory moves to see if a device is vulnerable to attack, Caspi wrote. It starts by initializing global infection counters that will be printed to the screen, informing the attacker about total successful infections. The malware then looks for the \u2018dlrs\u2019 folder in which to load shell scripts files. If this folder is missing, BotenaGo stops the infection process.\n\nIn its last step before fully engaging, BotenaGo calls the function \u2018scannerInitExploits\u2019, \u201cwhich initiates the malware attack surface by mapping all offensive functions with its relevant string that represent the targeted system,\u201d Caspi wrote.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/11/12123900/specops_midroll-promo.jpg)](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/?utm_source=Specops+&utm_medium=web&utm_campaign=event&utm_id=Specops+&utm_term=nov_event&utm_content=IA>)\n\nRegister now for our LIVE event!\n\nOnce it establishes that a device is vulnerable to attack, BotenaGo proceeds with exploit delivery by first querying the target with a simple \u201cGET\u201d request. It then searches the returned data from the \u201cGET\u201d request with each system signature that was mapped to attack functions.\n\nResearchers detail several possible attacks that can be carried out using this query. In one, the malware maps the string \u201cServer: Boa/0.93.15\u201d to the function \u201cmain_infectFunctionGponFiber,\u201d which attempts to exploit a vulnerable target, Caspi wrote.\n\nThis allows the attacker to execute an OS command via a specific web request using a vulnerability tracked as [CVE-2020-8958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8958>). A [SHODAN search](<https://www.shodan.io/>) turned up nearly 2 million devices that are vulnerable to this type of attack alone, he wrote.\n\n\u201cIn total, the malware initiates 33 exploit functions that are ready to infect potential victims,\u201d Caspi wrote. A full list of the vulnerabilities that BotenaGo can exploit is included in the post.\n\n## **Backdooring Devices to Execute Commands**\n\nThere are two different ways that the malware can receive commands to target victims, researchers found. One is the create backdoor ports\u201331421 and 19412\u2014that are used in an attack scenario, Caspi wrote.\n\n\u201cOn port 19412 it will listen to receive the victim IP,\u201d he wrote. \u201cOnce a connection with information to that port is received, it will loop through mapped exploit functions and execute them with the given IP.\u201d\n\nThe second way BotenaGo can receive a target command is by setting a listener to system IO (terminal) user input, getting the command to the device that way, Caspi explained.\n\n\u201cFor example, if the malware is running locally on a virtual machine, a command can be sent through telnet,\u201d he wrote.\n\n## **Dangers to Corporate Network**\n\nGiven its ability to exploit devices connected over internet ports, BotenaGo can be potentially dangerous to corporate networks by gaining access through vulnerable devices, said one security professional.\n\n\u201cBad actors, such as those at work here, love to exploit these devices to gain access to the internal networks behind them, or just to use it as a platform from which to launch other attacks,\u201d observed Erich Kron, security awareness advocate at security firm [KnowBe4](<http://www.knowbe4.com/>), in an email to Threatpost.\n\nAttackers that can be launched once a hacker takes over a device and piggybacks on the network it\u2019s using include [DDoS attacks](<https://threatpost.com/ddos-attacks-records-q3/176082/>), which that can lead to extortion of money from victims, he said. Attackers also can host and spread malware using a victim\u2019s internet connection, Kron observed.\n\nGiven the number of vulnerabilities of which it can take advantage, BotenaGo also shows the importance of keeping IoT and routers updated with the latest firmware and patches to avoid leaving them available to exploit, he added.\n\n_**Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, **_[**\u201cPassword Reset: Claiming Control of Credentials to Stop Attacks,\u201d**](<https://bit.ly/3bBMX30>)_** on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops.**_\n\n[**Register NOW**](<https://bit.ly/3bBMX30>)_** for the LIVE event and submit questions ahead of time to Threatpost\u2019s Becky Bracken at **_[**becky.bracken@threatpost.com**](<mailto:becky.bracken@threatpost.com>)_**.**_\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-12T13:14:44", "type": "threatpost", "title": "Millions of Routers, IoT Devices at Risk from BotenaGo Malware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8958", "CVE-2021-0146", "CVE-2021-34484"], "modified": "2021-11-12T13:14:44", "id": "THREATPOST:95B32358658F5FEFA1715F69C5D6051D", "href": "https://threatpost.com/routers-iot-open-source-malware/176270/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-11T11:15:19", "description": "Microsoft has revealed 73 new patches for [May\u2019s monthly update of security fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>), including a patch for one flaw\u2013a zero-day Windows LSA Spoofing Vulnerability rated as \u201cimportant\u201d\u2014that is currently being exploited with man-in-the-middle attacks.\n\nThe software giant\u2019s monthly update of patches that comes out every second Tuesday of the month\u2013known as Patch Tuesday\u2014also included fixes for seven \u201ccritical\u201d flaws, 65 others rated as \u201cimportant,\u201d and one rated as \u201clow.\u201d\n\n\u201cAlthough this isn\u2019t a large number, this month makes up for it in severity and infrastructure headaches,\u201d observed Chris Hass, director of security at security firm [Automox](<https://www.automox.com/>)_, _in an email to Threatpost. \u201cThe big news is the critical vulnerabilities that need to be highlighted for immediate action.\u201d\n\nOf the seven critical flaws, five allow for remote code execution (RCE) and two give attackers elevation of privilege (EoP). The remainder of the flaws also include a high percentage of RCE and EoP bugs, with the former accounting for 32.9 percent of the flaws patched this month, while the latter accounted for 28.8 percent of fixes, according to [a blog post](<https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925>) by researchers at Tenable.\n\nThe Windows LSA Spoofing Vulnerability, tracked as [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925>), in and of itself was not rated as critical. However, when chained with a new technology LAN manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8, noted Allan Liska, a senior security architect at Recorded Future, in an e-mail to Threatpost.\n\nMoreover, the flaw\u2014which allows an unauthenticated attacker to coerce domain controllers to authenticate to an attacker-controller server using NTLM\u2013is being exploited in the wild as a zero-day, he said. This makes it a priority to patch, Liska added, echoing guidance from Microsoft.\n\n## **Critical Infrastructure Vulnerabilities **\n\nOf the other critical RCE flaws patched by Microsoft, four are worth noting because of their presence in infrastructure that\u2019s fairly ubiquitous in many enterprise and/or cloud environments.\n\nOne is tracked as [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>) and is found in Insight Software\u2019s Magnitude Simba Amazon Redshift ODBC Driver, and would need to be patched by a cloud provider\u2014something organizations should follow up on, Liska said.\n\n[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012>) and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130>) are RCE vulnerabilities found in Microsoft\u2019s LDAP service that are rated as critical. However, a caveat by Microsoft in its security bulletin noted that they are only exploitable \u201cif the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.\u201d That means that systems with the default value of this policy would not be vulnerable, the company said.\n\nWhile \u201chaving the MaxReceiveBuffer set to a higher value than the default\u201d seems an \u201cuncommon configuration,\u201d if an organization has this setting, it should prioritize patching these vulnerabilities, Liska observed.\n\nAnother critical RCE, [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>), is found in the Network File System (NFS) and has broad impact for Windows Server versions 2008 through 2022. However, this vulnerability only affects NFSV2 and NFSV3, and Microsoft has included instructions for disabling these [versions of the NFS in the bulletin](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>).\n\nAt the same time, Microsoft characterized the ease of exploitation of these vulnerabilities as \u201cExploitation More Likely,\u201d as was the case with a similar vulnerability, [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an actively exploited zero day in the TCP/IP protocol stack in Windows server that [was patched](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) in August 2021.\n\n\u201cGiven the similarities between these vulnerabilities and those of August of 2021, we could all be in store for a rough May,\u201d Liska noted.\n\n## **Another Important Flaw Fixed**\n\nOf the other flaws, another \u201cimportant\u201d one to note is [CVE-2022-22019](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019>), a companion vulnerability to three previously disclosed and patched flaws found in Microsoft\u2019s Remote Procedure Call (RPC) runtime library.\n\nThe vulnerability, discovered by Akamai researcher Ben Barnea, takes advantage of three RPC runtime library flaws that Microsoft had patched in April\u2013[CVE-2022-26809](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809>), [CVE-2022-24492](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492>) and [CVE-2022-24528](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528>), he revealed in [a blog post Tuesday](<https://www.akamai.com/blog/security/rpc-runtime-patch-tuesday-take-two>). The flaws affected Windows 7, 8, 10 and 11, and Windows Servers 2008, 2012, 2019 and 2022, and could allow a remote, unauthenticated attacker to execute code on the vulnerable machine with the privileges of the RPC service.\n\nAkamai researchers discovered that the previous patch only partially addressed the problem, allowing the new vulnerability to create the same integer overflow that was supposed to be fixed, he explained.\n\n\u201cDuring our research, we found that right before allocating memory for the new coalesced buffer, the code adds another 24 bytes to the allocation size,\u201d Barnea wrote in the post. \u201cThese 24 bytes are the size of a struct called \u2018rpcconn_request_hdr_t,\u2019 which serves as the buffer header.\u201d\n\nThe previous patch performs the check for integer overflow before adding the header size, so it does not take into account this header\u2013which can lead to the same integer overflow that the patch was attempting to mitigate, he explained.\n\n\u201cThe new patch adds another call to validate that the addition of 24 bytes does not overflow,\u201d mitigating the problem, Barnea wrote.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T11:12:11", "type": "threatpost", "title": "Actively Exploited Zero-Day Bug Patched by Microsoft", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2022-22012", "CVE-2022-22019", "CVE-2022-24492", "CVE-2022-24528", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-26937", "CVE-2022-29130", "CVE-2022-29972"], "modified": "2022-05-11T11:12:11", "id": "THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F", "href": "https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-05-23T15:35:37", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36932.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36933", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-20T19:04:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36933", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36933", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:37", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36932", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-20T19:05:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36932", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36926, CVE-2021-36932, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26433", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-18T16:56:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26433", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26433", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:36", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36932, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36926", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-20T18:56:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36926", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:33", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34486.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34487", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-23T20:37:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34487", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34487", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:46", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34486, CVE-2021-34487.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26425", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26425", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26425", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:33", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34487.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34486", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-23T20:38:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-34486", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34486", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:40", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36958", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-24T15:32:00", "cpe": ["cpe:/o:microsoft:windows:-"], "id": "CVE-2021-36958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36958", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:38", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36947, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36936", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-20T19:04:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:39", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36947", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-20T18:58:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36947", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:41", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34534", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34534"], "modified": "2021-08-23T21:05:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34534", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:41", "description": "Windows Graphics Component Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34530", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34530"], "modified": "2021-08-23T20:47:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34530", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:41", "description": "Storage Spaces Controller Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34536", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34536"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34536", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34536", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Windows Recovery Environment Agent Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26431", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26431"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:21h1"], "id": "CVE-2021-26431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26431", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:43", "description": "Windows Bluetooth Driver Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34537", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34537"], "modified": "2021-08-20T18:57:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34537", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34537", "cvss": {"score": 5.2, "vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:42", "description": "Windows Graphics Component Font Parsing Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34533", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34533"], "modified": "2021-08-23T20:46:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34533", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26432", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-23T11:59:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:47", "description": "Windows User Account Profile Picture Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26426", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26426"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26426", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:42", "description": "Remote Desktop Client Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34535", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-23T20:57:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/a:microsoft:remote_desktop:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:remote_desktop:-:*:*:*:*:windows:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:38", "description": "Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36937", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36937"], "modified": "2021-08-20T19:03:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36937", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:51", "description": "Windows TCP/IP Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-26424", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424"], "modified": "2021-08-20T13:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-26424", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26424", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:39", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-36948", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-20T18:58:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-36948", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:35", "description": "Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34480", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-09-16T13:10:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34480", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:33", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34483", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34483"], "modified": "2021-08-23T12:09:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34483", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34483", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:30:33", "description": "Windows User Profile Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T18:15:00", "type": "cve", "title": "CVE-2021-34484", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484"], "modified": "2021-08-23T20:25:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-34484", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34484", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-05-23T16:35:51", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36932.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36933", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36933", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:51", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36932", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36932", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:52", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36932, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36926", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36926", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:46:35", "description": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36926, CVE-2021-36932, CVE-2021-36933.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26433", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-26433", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26433", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:56", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34487.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-12T07:00:00", "id": "MS:CVE-2021-34486", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34486", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:56", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34486.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34487", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34487", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:39", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34486, CVE-2021-34487.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-26425", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26425", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:55", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36947, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36936", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36958.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36947", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36947", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:57", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows MSHTML Platform Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34534"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34534", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34534", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Graphics Component Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Graphics Component Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34530"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34530", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:56", "description": "Storage Spaces Controller Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Storage Spaces Controller Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34536"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34536", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34536", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:35", "description": "Windows Recovery Environment Agent Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Recovery Environment Agent Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26431"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-26431", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26431", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:56", "description": "Windows Bluetooth Driver Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Bluetooth Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34537"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34537", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34537", "cvss": {"score": 5.2, "vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:53", "description": "Windows Graphics Component Font Parsing Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Graphics Component Font Parsing Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34533"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34533", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34533", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:38", "description": "Windows User Account Profile Picture Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows User Account Profile Picture Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26426"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-26426", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26426", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:35", "description": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-12T07:00:00", "id": "MS:CVE-2021-26432", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:53", "description": "Remote Desktop Client Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Remote Desktop Client Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34535", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:55", "description": "Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36937"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36937", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36937", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:39", "description": "Windows TCP/IP Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows TCP/IP Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424"], "modified": "2021-08-17T07:00:00", "id": "MS:CVE-2021-26424", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:54", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Update Medic Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-36948", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:57", "description": "Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34480", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34483"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34483", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34483", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:53", "description": "Windows User Profile Service Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mscve", "title": "Windows User Profile Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484"], "modified": "2021-08-10T07:00:00", "id": "MS:CVE-2021-34484", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34484", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2021-08-21T10:10:11", "description": "### Microsoft Patch Tuesday \u2013 August 2021\n\nMicrosoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-36942](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>) - Windows LSA Spoofing Vulnerability\n\nAn unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over windows domain Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.\n\n[CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>) \u2013 Windows Print Spooler Remote Code Execution Vulnerability\n\nA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. This Patch Tuesday Microsoft released security updates to address this vulnerability and should be prioritized.\n\n#### Three 0-Day Vulnerabilities Patched\n\n * [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>) - Windows Print Spooler Remote Code Execution Vulnerability\n * [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>) - Windows LSA Spoofing Vulnerability\n * [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>) - Windows Update Medic Service Elevation of Privilege Vulnerability - This has been actively exploited, per Microsoft.\n\n#### Qualys QIDs Providing Coverage\n\n**QID**| **Title**| **Severity**| **CVE ID** \n---|---|---|--- \n110388| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities August 2021| Medium| [_CVE-2021-36940_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36940>) \n110389| Microsoft Office and Microsoft Office Services and Web Apps Security Update August 2021 | High| [_CVE-2021-34478_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478>), [_CVE-2021-36941_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36941>) \n375798| Microsoft Azure CycleCloud Elevation of Privilege Vulnerability August 2021 | Medium| [_CVE-2021-33762_](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33762>), [_CVE-2021-36943_](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36943>), [_KB3142345_](<https://www.microsoft.com/en-us/download/details.aspx?id=103313>) \n91801| Microsoft Dynamics Business Central Cross-Site (XSS) Scripting Vulnerability August 2021 | Medium | [_CVE-2021-36946_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36946>) \n91802| Microsoft Windows Security Update for August 2021 \n \n | High| CVE-2021-26424, [_CVE-2021-26425_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26425>), [_CVE-2021-26426_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26426>), [_CVE-2021-26431_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26431>), [_CVE-2021-26432_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432>), [_CVE-2021-26433_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26433>), [_CVE-2021-34480_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480>), [_CVE-2021-34483_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34483>), [_CVE-2021-34484_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34484>), [_CVE-2021-34486_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34486>), [_CVE-2021-34487_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34487>), [_CVE-2021-34530_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34530>), [_CVE-2021-34533_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34533>), [_CVE-2021-34534_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34534>), [_CVE-2021-34535_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34535>), [_CVE-2021-34536_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34536>), [_CVE-2021-34537_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34537>), [_CVE-2021-36926_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36926>), [_CVE-2021-36927_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36927>), [_CVE-2021-36932_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36932>), [_CVE-2021-36933_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36933>), [_CVE-2021-36936_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36936>), [_CVE-2021-36937_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36937>), [_CVE-2021-36938_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36938>), [_CVE-2021-36947_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36947>), [_CVE-2021-36948_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36948>) \n91803| Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability August 2021 | High| [_CVE-2021-36942_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36942>) \n91804| Microsoft Windows Defender Elevation of Privilege Vulnerability August 2021 | Medium| [_CVE-2021-34471_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34471>) \n91805| Microsoft Windows 10 Update Assistant Elevation of Privilege Vulnerability August 2021 | Medium | [_CVE-2021-36945_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36945>) \n91806| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability August 2021 | Medium| [_CVE-2021-36949_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36949>) \n91774| Microsoft .NET Core and ASP.NET Core Security Update for August 2021 | High| [_CVE-2021-26423_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423>), [_CVE-2021-34485_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485>), [_CVE-2021-34532_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532>) \n91809| Microsoft Visual Studio Security Update for August 2021 | Medium| [_CVE-2021-26423_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26423>), [_CVE-2021-34485_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34485>), [_CVE-2021-34532_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34532>) \n \n### Adobe Patch Tuesday \u2013 August 2021\n\nAdobe addressed 29 CVEs this Patch Tuesday impacting Adobe Connect and Magento product. The patches for Magento are labeled as [Priority 2](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are set to [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>).\n\n**Adobe Security Bulletin**| **QID**| **Severity**| **CVE ID** \n---|---|---|--- \nAdobe Connect Multiple Vulnerabilities (APSB21-66) | 730152| Medium| [CVE-2021-36061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36061>), [CVE-2021-36062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36062>), [CVE-2021-36063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36063>) \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`91774` OR qid:`91801` OR qid:`91802` OR qid:`91803` OR qid:`91804` OR qid:`91805` OR qid:`91806` OR qid:`91809` OR qid:`375798` OR qid:`110389` OR qid:`110388` OR qid:`730152`)`\n\n![](https://blog.qualys.com/wp-content/uploads/2021/08/Picture1-1070x618.png)\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`91774` OR qid:`91801` OR qid:`91802` OR qid:`91803` OR qid:`91804` OR qid:`91805` OR qid:`91806` OR qid:`91809` OR qid:`375798` OR qid:`110389` OR qid:`110388` OR qid:`730152`)`\n\n![](https://blog.qualys.com/wp-content/uploads/2021/08/Picture2-1070x585.png)\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://success.qualys.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Vulnerabilities and Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Vulnerabilities and Patches_](<https://www.brighttalk.com/webcast/11673/502309>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * Microsoft Patch Tuesday, August 2021\n * Adobe Patch Tuesday, August 2021\n\n[Join us live or watch on demand!](<https://www.brighttalk.com/webcast/11673/502309>)\n\n![](https://blog.qualys.com/wp-content/uploads/2021/07/This-Month-in-Vulnerabilities-and-Patches-Webinar-Desktop-1070x465.png)[Webinar August 12, 2021 or on demand](<https://www.brighttalk.com/webcast/11673/502309>).\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T19:58:49", "type": "qualysblog", "title": "Microsoft and Adobe Patch Tuesday (August 2021) \u2013 Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26423", "CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-33762", "CVE-2021-34471", "CVE-2021-34478", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34485", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34532", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36061", "CVE-2021-36062", "CVE-2021-36063", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36940", "CVE-2021-36941", "CVE-2021-36942", "CVE-2021-36943", "CVE-2021-36945", "CVE-2021-36946", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36949"], "modified": "2021-08-10T19:58:49", "id": "QUALYSBLOG:0F0ACCA731E84F3B1067935E483FC950", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-09T06:36:02", "description": "[Start your VMDR 30-day, no-cost trial today](<https://www.qualys.com/forms/vmdr/>)\n\n## Overview\n\nOn November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>), "Reducing the Significant Risk of Known Exploited Vulnerabilities." [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires agencies to review and update agency internal vulnerability management procedures within 60 days according to this directive and remediate each vulnerability according to the timelines outlined in 'CISA's vulnerability catalog.\n\nQualys helps customers to identify and assess risk to organizations' digital infrastructure and automate remediation. Qualys' guidance for rapid response to Operational Directive is below.\n\n## Directive Scope\n\nThis directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency's behalf.\n\nHowever, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA's public catalog.\n\n## CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [291 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. The Qualys Research team has mapped all these CVEs to applicable QIDs. You can view the complete list of CVEs and the corresponding QIDs [here](<https://success.qualys.com/discussions/s/article/000006791>).\n\n### Not all vulnerabilities are created equal\n\nOur quick review of the 291 CVEs posted by CISA suggests that not all vulnerabilities hold the same priority. CISA has ordered U.S. federal enterprises to apply patches as soon as possible. The remediation guidance can be grouped into three distinct categories:\n\n#### Category 1 \u2013 Past Due\n\nRemediation of 15 CVEs (~5%) are already past due. These vulnerabilities include some of the most significant exploits in the recent past, including PrintNightmare, SigRed, ZeroLogon, and vulnerabilities in CryptoAPI, Pulse Secure, and more. Qualys Patch Management can help you remediate most of these vulnerabilities.\n\n#### Category 2 \u2013 Patch in less than two weeks\n\n100 (34%) Vulnerabilities need to be patched in the next two weeks, or by **November 17, 2022**.\n\n#### Category 3 \u2013 Patch within six months\n\nThe remaining 176 vulnerabilities (60%) must be patched within the next six months or by **May 3, 2022**.\n\n## Detect CISA's Vulnerabilities Using Qualys VMDR\n\nThe Qualys Research team has released several remote and authenticated detections (QIDs) for the vulnerabilities. Since the directive includes 291 CVEs, we recommend executing your search based on vulnerability criticality, release date, or other categories.\n\nFor example, to detect critical CVEs released in 2021:\n\n_vulnerabilities.vulnerability.criticality:CRITICAL and vulnerabilities.vulnerability.cveIds:[ `CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]_\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture1.jpg)\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using the VMDR Prioritization report.\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture2.jpg)\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture3.png)\n\nWith Qualys Unified Dashboard, you can track your exposure to the CISA Known Exploited Vulnerabilities and gather your status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of the status of the vulnerabilities in your environment using the ["CISA 2010-21| KNOWN EXPLOITED VULNERABILITIES"](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard:\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture4.png)\n\n### Summary Dashboard High Level Structured by Vendor:\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture5.png)\n\n## Remediation\n\nTo comply with this directive, federal agencies must remediate most "Category 2" vulnerabilities by **November 17, 2021**, and "Category 3" by May 3, 2021. Qualys Patch Management can help streamline the remediation of many of these vulnerabilities.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive's aggressive remediation date of November 17, 2021. Running this query will find all required patches and allow quick and efficient deployment of those missing patches to all assets directly from within the Qualys Cloud Platform.\n\ncve:[`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture6.jpg)\n\nQualys patch content covers many Microsoft, Linux, and third-party applications; however, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch the remaining CVEs in this list.\n\nNote that the due date for \u201cCategory 1\u201d patches has already passed. To find missing patches in your environment for \u201cCategory 1\u201d past due CVEs, copy the following query into the Patch Management app:\n\ncve:['CVE-2021-1732\u2032,'CVE-2020-1350\u2032,'CVE-2020-1472\u2032,'CVE-2021-26855\u2032,'CVE-2021-26858\u2032,'CVE-2021-27065\u2032,'CVE-2020-0601\u2032,'CVE-2021-26857\u2032,'CVE-2021-22893\u2032,'CVE-2020-8243\u2032,'CVE-2021-22900\u2032,'CVE-2021-22894\u2032,'CVE-2020-8260\u2032,'CVE-2021-22899\u2032,'CVE-2019-11510']\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture7.jpg)\n\n## Federal Enterprises and Agencies Can Act Now\n\nFor federal enterprises and agencies, it's a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>).\n\nHere are a few steps Federal enterprises can take immediately:\n\n * Run vulnerability assessments against all your assets by leveraging various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Patch Management to apply patches and other configurations changes\n * Track remediation progress through Unified Dashboards\n\n## Summary\n\nUnderstanding vulnerabilities is a critical but partial part of threat mitigation. Qualys VMDR helps customers discover, assess threats, assign risk, and remediate threats in one solution. Qualys customers rely on the accuracy of Qualys' threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any organization efficiently respond to the CISA directive.\n\n## Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-09T06:15:01", "type": "qualysblog", "title": "Qualys Response to CISA Alert: Binding Operational Directive 22-01", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2020-0601", "CVE-2020-1350", "CVE-2020-1472", "CVE-2020-8243", "CVE-2020-8260", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-1905", "CVE-2021-1906", "CVE-2021-20016", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-22502", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-22986", "CVE-2021-26084", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-28663", "CVE-2021-28664", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42258"], "modified": "2021-11-09T06:15:01", "id": "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-Actual-1.jpg)\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-2.jpg)\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-3.jpg)\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-4-scaled.jpg)\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/patch-mgmt-windows2.jpg)\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-6.jpg)\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", "CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2021-08-21T10:08:03", "description": "**Microsoft** today released software updates to plug at least 44 security vulnerabilities in its **Windows** operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching **Windows 10** PCs and **Windows Server 2019** machines.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2020/08/windowsec.png)\n\nMicrosoft said attackers have seized upon [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>), which is a weakness in the **Windows Update Medic** service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.\n\nRedmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an "elevation of privilege" vulnerability that affects Windows 10 and **Windows Server 2019**, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.\n\n"CVE-2021-36948 is a privilege escalation vulnerability - the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts," said **Kevin Breen** of [Immersive Labs](<https://www.immersivelabs.com>). "In the case of ransomware attacks, they have also been used to ensure maximum damage."\n\nAccording to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer -- and with little to no help from users. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.\n\nLast month, the company rushed out an emergency update to patch "[PrintNightmare](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>)" -- a critical hole in its Windows Print Spooler software that was being attacked in the wild. Since then, a number of researchers have discovered holes in that patch, allowing them to circumvent its protections.\n\nToday's Patch Tuesday fixes another critical Print Spooler flaw ([CVE-2021-36936](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>)), but it's not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said **Dustin Childs** at **Trend Micro's Zero Day Initiative**.\n\n"Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug," Childs said.\n\nMicrosoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.\n\n"Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges," Microsoft said in a blog post. "This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>)."\n\nAugust brings yet another critical patch ([CVE-2021-34535](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>)) for the **Windows Remote Desktop** service, and this time the flaw is in the Remote Desktop client instead of the server.\n\n[CVE-2021-26424](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>) -- a scary, critical bug in the **Windows TCP/IP** component -- earned a CVSS score of 9.9 (10 is the worst), and is present in **Windows 7** through **Windows 10**, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).\n\nMicrosoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label "exploitation more likely," meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/>) from the **SANS Internet Storm Center**. And it's not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/defcon-2-august-updates-include-print-spooler-fixes/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T21:12:58", "type": "krebs", "title": "Microsoft Patch Tuesday, August 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-10T21:12:58", "id": "KREBS:AE87E964E683A56CFE4E51E96F3530AD", "href": "https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:39:15", "description": "[![](https://thehackernews.com/images/-KFVbzvrTdtw/YRNbSwawxnI/AAAAAAAADfg/bEuoCVHmHHw4ycTXfnhAqcyuUoWDf2W7gCLcBGAsYHQ/s0/windows-update-download.jpg)](<https://thehackernews.com/images/-KFVbzvrTdtw/YRNbSwawxnI/AAAAAAAADfg/bEuoCVHmHHw4ycTXfnhAqcyuUoWDf2W7gCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft on Tuesday rolled out [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug>) to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild.\n\nThe update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to [seven security flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) it patched in the Microsoft Edge browser on August 5.\n\nChief among the patched issues is [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service \u2014 a service that enables remediation and protection of Windows Update components \u2014 which could be abused to run malicious programs with escalated permissions.\n\nMicrosoft's Threat Intelligence Center has been credited with reporting the flaw, although the company refrained from sharing additional specifics or detail on how widespread those attacks were in light of active exploitation attempts.\n\nTwo of the security vulnerabilities are publicly known at the time of release -\n\n * [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) (CVSS score: 9.8) - Windows LSA Spoofing Vulnerability\n * [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability\n\nWhile CVE-2021-36942 contains fixes to secure systems against NTLM relay attacks like [PetitPotam](<https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html>) by blocking the LSARPC interface, CVE-2021-36936 resolves yet another remote code execution flaw in the Windows Print Spooler component.\n\n\"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM,\" Microsoft said in its advisory for CVE-2021-36942; adding the \"security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.\"\n\nCVE-2021-36936 is also one among the three flaws in the Print Spooler service that Microsoft has fixed this month, with the two other vulnerabilities being [CVE-2021-36947](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36947>) and (CVSS score: 8.2) and [CVE-2021-34483](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483>) (CVSS score: 7.8), the latter of which concerns an elevation of privilege vulnerability.\n\nIn addition, Microsoft has released [security updates](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>) to resolve a previously disclosed remote code execution in the Print Spooler service tracked as [CVE-2021-34481](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) (CVSS score: 8.8). This changes the default behavior of the \"[Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>)\" feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.\n\nAnother critical flaw remediated as part of Patch Tuesday updates is [CVE-2021-26424](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26424>) (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP, which Microsoft notes \"is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host utilizing the TCP/IP Protocol Stack (tcpip.sys) to process packets.\"\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-08-01>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Juniper Networks](<https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-August/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T05:31:00", "type": "thn", "title": "Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-11T05:31:39", "id": "THN:F601EBBE359B3547B8E79F0217562FEF", "href": "https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:14", "description": "[![](https://thehackernews.com/images/-YB6xMmNkBp0/YRYuIvxMidI/AAAAAAAADhg/a2Ee5QkoQZw6JlnYhCIdg3Nk-HM2yu2wwCLcBGAsYHQ/s0/ransomware.jpg)](<https://thehackernews.com/images/-YB6xMmNkBp0/YRYuIvxMidI/AAAAAAAADhg/a2Ee5QkoQZw6JlnYhCIdg3Nk-HM2yu2wwCLcBGAsYHQ/s0/ransomware.jpg>)\n\nRansomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.\n\n\"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward,\" Cisco Talos [said](<https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html>) in a report published Thursday, corroborating an [independent analysis](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea.\n\nWhile Magniber ransomware was first spotted in late 2017 singling out victims in South Korea through malvertising campaigns, Vice Society is a new entrant that emerged on the ransomware landscape in mid-2021, primarily targeting public school districts and other educational institutions. The attacks are said to have taken place since at least July 13.\n\nSince June, a series of \"PrintNightmare\" issues affecting the Windows print spooler service has come to light that could enable remote code execution when the component performs privileged file operations -\n\n * [**CVE-2021-1675**](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on June 8)\n * [**CVE-2021-34527**](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on July 6-7)\n * [**CVE-2021-34481**](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-36936**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10) \n * [**CVE-2021-36947**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-34483**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Elevation of Privilege Vulnerability (Patched on August 10)\n * [**CVE-2021-36958**](<https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Unpatched)\n\nCrowdStrike noted it was able to successfully prevent attempts made by the Magniber ransomware gang at exploiting the PrintNightmare vulnerability.\n\nVice Society, on the other hand, leveraged a variety of techniques to conduct post-compromise discovery and reconnaissance prior to bypassing native Windows protections for credential theft and privilege escalation.\n\n[![Ransomware](https://thehackernews.com/images/-JlsTWIHVgX4/YRYltMOGBKI/AAAAAAAADhQ/pzUFIcW6y0ABjOe3PuUQE5cPSnEOvGP9ACLcBGAsYHQ/s728-e1000/ransomware.jpg)](<https://thehackernews.com/images/-JlsTWIHVgX4/YRYltMOGBKI/AAAAAAAADhQ/pzUFIcW6y0ABjOe3PuUQE5cPSnEOvGP9ACLcBGAsYHQ/s0/ransomware.jpg>)\n\nSpecifically, the attacker is believed to have used a malicious library associated with the PrintNightmare flaw (CVE-2021-34527) to pivot to multiple systems across the environment and extract credentials from the victim.\n\n\"Adversaries are constantly refining their approach to the ransomware attack lifecycle as they strive to operate more effectively, efficiently, and evasively,\" the researchers said. \"The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-13T08:29:00", "type": "thn", "title": "Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34527", "CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-13T08:32:51", "id": "THN:6428957E9DED493169A2E63839F98667", "href": "https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:52", "description": "[![Microsoft Windows 10](https://thehackernews.com/new-images/img/a/AVvXsEiL_ZBAXmRadIpTCtIL6ko2RhRBQ3M8KOXg7jLdsxCjWl-V2Hk47PVfsYkcW-ZGiMl6CyhTYXcxIFCB3jWTn6ByqP9laZRQ3JiUFSBvb-fc_RWVEwQdJNgKNOxDwYPGv55yleW0ySMgaRuaksIn50zw3gG563opnN_wxTB8iSMcvhUeQ17KH-AY68rs=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEiL_ZBAXmRadIpTCtIL6ko2RhRBQ3M8KOXg7jLdsxCjWl-V2Hk47PVfsYkcW-ZGiMl6CyhTYXcxIFCB3jWTn6ByqP9laZRQ3JiUFSBvb-fc_RWVEwQdJNgKNOxDwYPGv55yleW0ySMgaRuaksIn50zw3gG563opnN_wxTB8iSMcvhUeQ17KH-AY68rs>)\n\nUnofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems.\n\nTracked as [CVE-2021-24084](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24084>) (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.\n\nSecurity researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates.\n\nBut as [observed](<https://halove23.blogspot.com/2021/06/CVE-2021-24084-Unpatched-ID.html>) by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month found that the incompletely patched vulnerability could also be [exploited](<https://twitter.com/KLINIX5/status/1455500874596356098>) to gain administrator privileges and run malicious code on Windows 10 machines running the [latest security updates](<https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html>).\n\n[![Microsoft Windows 10](https://thehackernews.com/new-images/img/a/AVvXsEgMZQpplV3ZiAcHEwmMtQcHAz3YyxyHAiW5jeWeu9T3hsQp50k-M3uoVMRHw8T9mtaGFHLoV6lAfluit3rHY6ojhU5kaukhNj_aHGxKMo2fteTd2XFcRIglOh3Ge34soXm23wwNDq0H_DeD786rYBCsEqBbia1jy1cBQSY3C7lv4NT8Ms-LiBp5S_UP=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEgMZQpplV3ZiAcHEwmMtQcHAz3YyxyHAiW5jeWeu9T3hsQp50k-M3uoVMRHw8T9mtaGFHLoV6lAfluit3rHY6ojhU5kaukhNj_aHGxKMo2fteTd2XFcRIglOh3Ge34soXm23wwNDq0H_DeD786rYBCsEqBbia1jy1cBQSY3C7lv4NT8Ms-LiBp5S_UP>)\n\n\"Namely, as [HiveNightmare/SeriousSAM](<https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html>) has taught us, an arbitrary file disclosure can be upgraded to local privilege escalation if you know which files to take and what to do with them,\" 0patch co-founder Mitja Kolsek [said](<https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html>) in a post last week.\n\nHowever, it's worth noting that the vulnerability can be exploited to accomplish privilege escalation only under specific circumstances, namely when the system protection feature is enabled on C: Drive and at least one local administrator account is set up on the computer.\n\nNeither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted \u2014\n\n * Windows 10 v21H1 (32 & 64 bit) updated with November 2021 Updates\n * Windows 10 v20H2 (32 & 64 bit) updated with November 2021 Updates\n * Windows 10 v2004 (32 & 64 bit) updated with November 2021 Updates\n * Windows 10 v1909 (32 & 64 bit) updated with November 2021 Updates\n * Windows 10 v1903 (32 & 64 bit) updated with November 2021 Updates\n * Windows 10 v1809 (32 & 64 bit) updated with May 2021 Updates\n\nCVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft. Earlier this month, 0patch [shipped](<https://blog.0patch.com/2021/11/micropatching-incompletely-patched.html>) unofficial fixes for a local privilege escalation vulnerability ([CVE-2021-34484](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34484>)) in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.\n\nThen last week, Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service ([CVE-2021-41379](<https://thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html>)) that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-30T09:11:00", "type": "thn", "title": "Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24084", "CVE-2021-34484", "CVE-2021-41379"], "modified": "2021-12-03T03:42:06", "id": "THN:BABD510622DAA320F3F1F55EEDD7549A", "href": "https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-07-29T03:59:29", "description": "[![Windows and Adobe Zero-Days](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjRrnxKtJzXQbaLrPRY2GEIij8so07HImMs9wbPTTP-j92ED6wxTFv-NdQyw_Z0JBlqIYh-H3g2WKAcIkt70zKcB5AxP9KcQgCqChBwNsYPu9CQ_Xp6uBmkhxyoNZpHZIIQrV5TkreAFNBg-kFpOzjxBYxhl5bZqKZH6j9zgyd3itncGVyM5L09fy-c/s728-e1000/windows-hacker.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjRrnxKtJzXQbaLrPRY2GEIij8so07HImMs9wbPTTP-j92ED6wxTFv-NdQyw_Z0JBlqIYh-H3g2WKAcIkt70zKcB5AxP9KcQgCqChBwNsYPu9CQ_Xp6uBmkhxyoNZpHZIIQrV5TkreAFNBg-kFpOzjxBYxhl5bZqKZH6j9zgyd3itncGVyM5L09fy-c/s728-e100/windows-hacker.jpg>)\n\nA cyber mercenary that \"ostensibly sells general security and information analysis services to commercial customers\" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities.\n\nThe company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called [DSIRF](<https://web.archive.org/web/20220713203741/https:/dsirf.eu/about/>) that's linked to the development and attempted sale of a piece of cyberweapon referred to as **Subzero**, which can be used to hack targets' phones, computers, and internet-connected devices.\n\n\"Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,\" the tech giant's cybersecurity teams [said](<https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/>) in a Wednesday report.\n\nMicrosoft is [tracking](<https://blogs.microsoft.com/on-the-issues/2022/07/27/private-sector-cyberweapons-psoas-knotweed/>) the actor under the moniker KNOTWEED, continuing its trend of terming PSOAs using names given to trees and shrubs. The company previously designated the name [SOURGUM](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) to Israeli spyware vendor Candiru.\n\nKNOTWEED is known to dabble in both access-as-a-service and [hack-for-hire](<https://thehackernews.com/2022/06/google-blocks-dozens-of-malicious.html>) operations, offering its toolset to third parties as well as directly associating itself in certain attacks.\n\nWhile the former entails the sales of end-to-end hacking tools that can be used by the purchaser in their own operations without the involvement of the offensive actor, hack-for-hire groups run the targeted operations on behalf of their clients.\n\nThe deployment of Subzero is said to have transpired through the exploitation of numerous issues, including an attack chain that abused an unknown Adobe Reader remote code execution (RCE) flaw and a zero-day privilege escalation bug ([CVE-2022-22047](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>)), the latter of which was addressed by Microsoft as part of its July Patch Tuesday updates.\n\n\"The exploits were packaged into a PDF document that was sent to the victim via email,\" Microsoft explained. \"CVE-2022-22047 was used in KNOTWEED related attacks for privilege escalation. The vulnerability also provided the ability to escape sandboxes and achieve system-level code execution.\"\n\nSimilar attack chains observed in 2021 leveraged a combination of two Windows privilege escalation exploits (CVE-2021-31199 and CVE-2021-31201) in conjunction with an Adobe reader flaw (CVE-2021-28550). The three vulnerabilities were [resolved](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) in June 2021.\n\nThe deployment of Subzero subsequently occurred through a fourth exploit, this time taking advantage of a privilege escalation vulnerability in the Windows Update Medic Service ([CVE-2021-36948](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>)), which was closed by Microsoft in August 2021.\n\nBeyond these exploit chains, Excel files masquerading as real estate documents have been used as a conduit to deliver the malware, with the files containing [Excel 4.0 macros](<https://thehackernews.com/2022/01/emotet-now-using-unconventional-ip.html>) designed to kick-start the infection process.\n\nRegardless of the method employed, the intrusions culminate in the execution of shellcode, which is used to retrieve a second-stage payload called Corelump from a remote server in the form of a JPEG image that also embeds a loader named Jumplump that, in turn, loads Corelump into memory.\n\nThe evasive implant comes with a wide range of capabilities, including keylogging, capturing screenshots, exfiltrating files, running a remote shell, and running arbitrary plugins downloaded from the remote server.\n\nAlso deployed during the attacks were bespoke utilities like Mex, a command-line tool to run open source security software like Chisel, and PassLib, a tool to dump credentials from web browsers, email clients, and the Windows credential manager.\n\nMicrosoft said it uncovered KNOTWEED actively serving malware since February 2020 through infrastructure hosted on DigitalOcean and Choopa, alongside identifying subdomains that are used for malware development, debugging Mex, and staging the Subzero payload.\n\nMultiple links have also been unearthed between DSIRF and the malicious tools used in KNOTWEED's attacks.\n\n\"These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF,\" Redmond noted.\n\nSubzero is no different from off-the-shelf malware such as [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>), [Predator](<https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html>), [Hermit](<https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html>), and [DevilsTongue](<https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html>), which are capable of infiltrating phones and Windows machines to remotely control the devices and siphon off data, sometimes without requiring the user to click on a malicious link.\n\nIf anything, the latest findings highlight a burgeoning international market for such sophisticated surveillance technologies to carry out targeted attacks aimed at members of civil society.\n\nAlthough companies that sell commercial spyware advertise their wares as a means to tackle serious crimes, evidence gathered so far has found [several instances](<https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html>) of these tools being misused by authoritarian governments and private organizations to snoop on human rights advocates, journalists, dissidents, and politicians.\n\nGoogle's Threat Analysis Group (TAG), which is tracking over 30 vendors that hawk exploits or surveillance capabilities to state-sponsored actors, said the booming ecosystem underscores \"the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments.\"\n\n\"These vendors operate with deep technical expertise to develop and operationalize exploits,\" TAG's Shane Huntley [said](<https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/>) in a testimony to the U.S. House Intelligence Committee on Wednesday, adding, \"its use is growing, fueled by demand from governments.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T11:18:00", "type": "thn", "title": "Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-36948", "CVE-2022-22047"], "modified": "2022-07-29T02:58:07", "id": "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "href": "https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2023-05-30T15:37:45", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34486.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-34487", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-24T00:00:00", "id": "AKB:20A31239-28EC-43E3-854A-6CA8B1F44AB8", "href": "https://attackerkb.com/topics/1vFJjaxNUo/cve-2021-34487", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:35:36", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34487.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-34486", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425", "CVE-2021-34486", "CVE-2021-34487"], "modified": "2021-08-24T00:00:00", "id": "AKB:008B7980-D9F8-4D56-A194-F83ACBEEC5D4", "href": "https://attackerkb.com/topics/vYxZAvfLJA/cve-2021-34486", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:21:14", "description": "Windows Update Medic Service Elevation of Privilege Vulnerability\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-36948", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-21T00:00:00", "id": "AKB:D92D1688-7724-40C4-AD86-DF44F4611D40", "href": "https://attackerkb.com/topics/aTP6m1u6PE/cve-2021-36948", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T17:17:09", "description": "Windows User Profile Service Elevation of Privilege Vulnerability\n\n \n**Recent assessments:** \n \n**ccondon-r7** at March 29, 2022 12:10pm UTC reported:\n\nThis bug was evidently [used by LAPSUS$](<https://twitter.com/billdemirkapi/status/1508527492285575172>) in the wild as part of the attack on Okta.\n\n**gwillcox-r7** at March 30, 2022 4:21pm UTC reported:\n\nThis bug was evidently [used by LAPSUS$](<https://twitter.com/billdemirkapi/status/1508527492285575172>) in the wild as part of the attack on Okta.\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-34484", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484", "CVE-2022-21919", "CVE-2022-26904"], "modified": "2021-08-24T00:00:00", "id": "AKB:2A1BFBBE-FD48-497E-8F3E-BB65670A94FA", "href": "https://attackerkb.com/topics/qo2zIGKm9O/cve-2021-34484", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T17:16:43", "description": "Windows User Profile Service Elevation of Privilege Vulnerability.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at March 30, 2022 4:52pm UTC reported:\n\nThis is a bypass for [CVE-2022-21919](<https://attackerkb.com/topics/2sQXBnLJYq/cve-2022-21919>) which is in turn a bypass for [CVE-2021-34484](<https://attackerkb.com/topics/qo2zIGKm9O/cve-2021-34484?referrer=search>). As noted at <https://twitter.com/billdemirkapi/status/1508527492285575172>, CVE-2022-21919 was already being exploited in the wild by using the binary from <https://github.com/klinix5/ProfSvcLPE/blob/main/DoubleJunctionEoP/Release/UserProfileSvcEoP.exe>.\n\nThe vulnerability, near as I can tell, occurs due to the `CreateDirectoryJunction()` function inside `profext.dll` not appropriately validating things before creating a directory junction between two directories. This can allow an attacker to create a directory junction between a directory they have access to and another directory that they should not have access to, thereby granting them the ability to plant files in sensitive locations and or read sensitive files.\n\nThe exploit code for this, which was originally at <https://github.com/klinix5/SuperProfile> but which got taken down, is now available at <https://github.com/rmusser01/SuperProfile> and its associated forks. I have taken this code and updated it and touched it up a bit into a Metasploit exploit module that is now available at <https://github.com/rapid7/metasploit-framework/pull/16382>.\n\nThis exploit code utilizes this vulnerability to plant a malicious `comctl32.dll` binary in a location that the `Narrator.exe` program will try to load the DLL from when it starts. By utilizing the `ShellExecute` command with the `runas` option, we can force a UAC prompt to come up that will run the `consent.exe` program to run. If the `PromptOnSecureDesktop` setting is set to `1` which is the default, this will result in `consent.exe` running as `SYSTEM` on the secure desktop, and a new `narrator.exe` instance will also spawn as `SYSTEM` on the secure desktop, which will then load the malicious `comctl32.dll` DLL and allow us to execute our code as `SYSTEM`.\n\nNote that if `PromptOnSecureDesktop` is set to 0 under the key `HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System`, then this LPE will not be possible as the UAC prompt will spawn as the current user vs as `SYSTEM` on the restricted desktop, and therefore we will not achieve privilege elevation, so this is a workaround for the vulnerability whilst it is not patched.\n\nIt should be noted that as this stands the current exploit requires valid credentials for another user on the system who is a non-admin user and who has permissions to log into the target computer. They must also have a profile under `C:\\Users` for the exploit to function in its current state. There has been some rumors that it might be possible to do this without a secondary login, however nothing concrete has been found so far, so we are considering this a prerequisite for exploitation for the time being.\n\nWe, aka Rapid7, have reported this vulnerability to Microsoft and have given KLINIX5, who originally found this vulnerability and wrote the original exploit code, full credit for the discovery, however Microsoft have only given us this CVE number and have not provided a timeline on when they expect a fix for this vulnerability at this time. It is therefore recommended to use the mitigation above until an appropriate fix is developed.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-15T00:00:00", "type": "attackerkb", "title": "CVE-2022-26904", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484", "CVE-2022-21919", "CVE-2022-26904"], "modified": "2022-04-15T00:00:00", "id": "AKB:5ABBD3E2-AA30-41CB-96DA-34B5E76D030C", "href": "https://attackerkb.com/topics/RHSMbN1NQY/cve-2022-26904", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T17:17:12", "description": "Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at January 12, 2022 12:07am UTC reported:\n\nUpdate: As predicted there is a patch bypass for this, now labled as [CVE-2022-26904](<https://attackerkb.com/topics/RHSMbN1NQY/cve-2022-26904>)\n\nAccording to <https://twitter.com/KLINIX5/status/1480996599165763587> this appears to be a patch for the code blogged about at <https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html>. The details on this bug can be found at <https://github.com/klinix5/ProfSvcLPE/blob/main/write-up.docx> but I\u2019ll summarize them here for brevity.\n\nThe original incomplete patch, aka [CVE-2021-34484](<https://attackerkb.com/topics/qo2zIGKm9O/cve-2021-34484>) is explained best by Mitja Kolsek at <https://blog.0patch.com/2021/11/micropatching-incompletely-patched.html> where he notes that bug was originally considered to be an arbitrary directory deletion bug that allowed a logged on user to delete a folder on the computer.\n\nHowever upon reviewing the fix KLINUX5 found that it was possible to not only bypass the fix, but also make the vulnerability more impactful.\n\nSpecifically by abusing the User Profile Service\u2019s code which creates a temporary user profile folder (to protect against the original user profile folder being damaged etc), and then copies folders and files from the original profile folder to the backup, one can instead place a symbolic link. When this symbolic link is followed, it can allow the attacker to create attacker-writeable folders in a protected location and then perform a DLL hijacking attack against high privileged system processes.\n\nUnfortunately when patching this bug, Microsoft correctly assumed that one should check that the temporary user folder (aka `C:\\Users\\TEMP`), is not a symbolic link, but didn\u2019t check to see if any of the folders under `C:\\Users\\TEMP` contains a symbolic link.\n\nNote that as noted in <https://blog.0patch.com/2021/11/micropatching-incompletely-patched.html> this bug does require winning a race condition so exploitation is 100% reliable however there are ways to win the race condition as was shown in the code for the patch bypass published at <https://github.com/klinix5/ProfSvcLPE/tree/main/DoubleJunctionEoP>.\n\nI\u2019d keep an eye on this one as KLINIX5 has a habit of finding patch bypasses for his bugs and if he says Microsoft has messed things up again, more than likely there will be another patch bypass for this bug. I\u2019m still looking into exactly what was patched here though.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-08T00:00:00", "type": "attackerkb", "title": "CVE-2022-21919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484", "CVE-2022-21895", "CVE-2022-21919", "CVE-2022-26904"], "modified": "2022-02-08T00:00:00", "id": "AKB:C32E9872-B8A4-43F3-A8CC-05532AA65E51", "href": "https://attackerkb.com/topics/2sQXBnLJYq/cve-2022-21919", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2021-08-21T10:49:33", "description": "![Patch Tuesday - August 2021](https://blog.rapid7.com/content/images/2021/08/patches-2.jpg)\n\nHot off the press, it\u2019s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includes updates for three vulnerabilities that were publicly disclosed earlier this month. Let\u2019s jump in.\n\n## Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934> \nWith a public proof-of-concept having been available for some time, administrators should prioritize taking action on CVE-2021-36934. Remediation for this vulnerability requires volume shadow copies for system files to be deleted. This is due to the nature of the vulnerability, as the files with the vulnerable permissions could be restored from a backup and accessed even after the patch is installed. Microsoft indicates they took caution not to delete users' backups, but the trade-off is that customers will need to do the chore themselves. We've updated [our blog post](<https://www.rapid7.com/blog/post/2021/07/21/microsoft-sam-file-readability-cve-2021-36934-what-you-need-to-know/>) with this additional information.\n\n## Windows LSA Spoofing Vulnerability aka ADV210003\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942> \nAnother high priority action for patching teams is CVE-2021-36942. This update patches one of the vectors used in the PetitPotam attack. After applying this update there are additional configurations required in order to protect systems from other attack vectors using registry keys. The InsightVM team has included detection for the registry keys needed to enable EPA and SMB Signing in addition to the normal update. Please see [our blog post](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>) for more information.\n\n## Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432> \nWhile Microsoft has not offered up any details for this vulnerability we can glean some info from the CVSS information. This remote code execution vulnerability is reachable from the network service with no authentication or user action required. There may not be an exploit available for this yet, but Microsoft indicates that \u201cExploitation [is] more likely\u201d. Put this update near the top of your TODO list.\n\n## Windows TCP/IP Remote Code Execution Vulnerability\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424> \nLast on our list is a vulnerability that can result in remote execution on a Hyper-V host via the IPv6 networking stack. If Hyper-V is used in your environment this should be first on your list this month. \n\n## Summary Graphs\n\n![Patch Tuesday - August 2021](https://blog.rapid7.com/content/images/2021/08/output_26_1.png)![Patch Tuesday - August 2021](https://blog.rapid7.com/content/images/2021/08/output_25_1.png)![Patch Tuesday - August 2021](https://blog.rapid7.com/content/images/2021/08/output_20_2.png)![Patch Tuesday - August 2021](https://blog.rapid7.com/content/images/2021/08/output_18_2.png)\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949>) | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | No | No | 7.1 | Yes \n[CVE-2021-26428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26428>) | Azure Sphere Information Disclosure Vulnerability | No | No | 4.4 | Yes \n[CVE-2021-26429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26429>) | Azure Sphere Elevation of Privilege Vulnerability | No | No | 7.7 | Yes \n[CVE-2021-26430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26430>) | Azure Sphere Denial of Service Vulnerability | No | No | 6 | Yes \n[CVE-2021-33762](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33762>) | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36943>) | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 4 | No \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-30597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30597>) | Chromium: CVE-2021-30597 Use after free in Browser UI | No | No | | Yes \n[CVE-2021-30596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30596>) | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | No | No | | Yes \n[CVE-2021-30594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30594>) | Chromium: CVE-2021-30594 Use after free in Page Info UI | No | No | | Yes \n[CVE-2021-30593](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30593>) | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | No | No | | Yes \n[CVE-2021-30592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30592>) | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | No | No | | Yes \n[CVE-2021-30591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30591>) | Chromium: CVE-2021-30591 Use after free in File System API | No | No | | Yes \n[CVE-2021-30590](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30590>) | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | No | No | | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34532](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532>) | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-34485](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485>) | .NET Core and Visual Studio Information Disclosure Vulnerability | No | No | 5 | Yes \n[CVE-2021-26423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 5.4 | No \n[CVE-2021-34524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34524>) | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | No | No | 8.1 | No \n[CVE-2021-36950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36950>) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 5.4 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36941>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-36940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36940>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-34478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34478>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34471>) | Microsoft Windows Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26426>) | Windows User Account Profile Picture Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948>) | Windows Update Medic Service Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-26432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26432>) | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | No | No | 9.8 | No \n[CVE-2021-26433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26433>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36926](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36926>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36932](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36932>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36933](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36933>) | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26431>) | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34534](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34534>) | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-34530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34530>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-34486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34487](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34487>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-36938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36938>) | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | No | No | 5.5 | No \n[CVE-2021-36945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36945>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-34536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34536>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-34484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26424>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-36936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36936>) | Windows Print Spooler Remote Code Execution Vulnerability | No | Yes | 8.8 | No \n[CVE-2021-36947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36947>) | Windows Print Spooler Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-34483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34483>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36937](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36937>) | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-36942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942>) | Windows LSA Spoofing Vulnerability | No | Yes | 7.5 | Yes \n[CVE-2021-34533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34533>) | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-26425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26425>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36927>) | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-34537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34537>) | Windows Bluetooth Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-34480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34480>) | Scripting Engine Memory Corruption Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-34535](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34535>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes", "cvss3": {}, "published": "2021-08-11T03:19:33", "type": "rapid7blog", "title": "Patch Tuesday - August 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-26423", "CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26428", "CVE-2021-26429", "CVE-2021-26430", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-33762", "CVE-2021-34471", "CVE-2021-34478", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34485", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34524", "CVE-2021-34530", "CVE-2021-34532", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36934", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36940", "CVE-2021-36941", "CVE-2021-36942", "CVE-2021-36943", "CVE-2021-36945", "CVE-2021-36946", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36949", "CVE-2021-36950"], "modified": "2021-08-11T03:19:33", "id": "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD", "href": "https://blog.rapid7.com/2021/08/11/patch-tuesday-august-2021/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-08-11T14:38:54", "description": "The sheer number of patches (44 security vulnerabilities) should be enough to scare us, but unfortunately we have gotten used to those numbers. In fact, 44 is a low number compared to what we have seen on recent Patch Tuesdays. So what are the most notable vulnerabilities that were patched.\n\n * One actively exploited vulnerability\n * One vulnerability that has a CVSS score of 9.9 out of 10\n * And yet another attempt to fix PrintNightmare\n\nLet\u2019s go over these worst cases to get an idea of what we are up against.\n\n### CVEs\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\n### Actively exploited\n\n[CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) is an [elevation of privilege (EoP)](<https://blog.malwarebytes.com/glossary/privilege-escalation/>) vulnerability in the Windows Update Medic Service. The Windows Update Medic Service is a background service that was introduced with Windows 10 and handles the updating process. Its only purpose is to repair the Windows Update service so that your PC can continue to receive updates unhindered. Besides on Windows 10 it also runs on Windows Server 2019. According to Microsoft CVE-2021-36948 is being actively exploited, but it is not aware of exploit code publicly available. [Reportedly](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>), the exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversaries toolbox. The bug is only locally exploitable, but local elevation of privilege is exactly what ransomware gangs will be looking to do after breaching a network, for example.\n\n### 9.9 out of 10\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is a [Remote Code Execution (RCE)](<https://blog.malwarebytes.com/glossary/remote-code-execution-rce-attack/>) vulnerability in Windows TCP/IP. This is remotely exploitable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host. This vulnerability exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\nThis vulnerability received a CVSS score of 9.9 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.\n\n### 9.8 out of 10\n\nAnother high scorer is [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an RCE in the Windows Services for NFS ONCRPC XDR Driver. Open Network Computing (ONC) Remote Procedure Call (RPC) is a remote procedure call system. ONC was originally developed by Sun Microsystems. The NFS protocol is independent of the type of operating system, network architecture, and transport protocols. The Windows service for the driver makes sure that Windows computers can use this protocol. This vulnerability got a high score because it is known to be easy to exploit and can be initiated remotely.\n\n### More RDP\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is an RCE in the Remote Desktop Client. Microsoft lists two exploit scenarios for this vulnerability:\n\n * In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.\n * In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.\n\nSince this is a client-side vulnerability, an attacker would have to convince a user to authenticate to a malicious RDP server, where the server could then trigger the bug on the client side. Combined with other RDP weaknesses however, this vulnerability would be easy to chain into a full system take-over.\n\n### Never-ending nightmare of PrintNightmare\n\nThe Print Spooler service was subject to yet more patching. The researchers behind PrintNightmare predicted that it would be a fertile ground for further discoveries, and they seem to be right. I\u2019d be tempted to advise Microsoft to start from scratch instead of patching patches on a very old chunk of code.\n\n[CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) an RCE vulnerability in Windows Print Spooler. A vulnerability that was publicly disclosed, which may be related to several bugs in Print Spooler that were identified by researchers over the past few months (presumably PrintNightmare).\n\n[CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>) and [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>) are RCE vulnerabilities that could allow attackers to run arbitrary code with SYSTEM privileges.\n\nMicrosoft said the Print Spooler patch it pushed this time should address all publicly documented security problems with the service. In an unusual step, it has made a breaking change: \u201cToday we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.\u201d\n\nTo be continued, we suspect.\n\nThe post [PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-11T12:16:17", "type": "malwarebytes", "title": "PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-11T12:16:17", "id": "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2023-05-23T15:49:07", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the storport.sys driver. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T00:00:00", "type": "zdi", "title": "Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34536"], "modified": "2021-08-11T00:00:00", "id": "ZDI-21-967", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-967/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:46:55", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Update service. The issue results from incorrect permissions set on a directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T00:00:00", "type": "zdi", "title": "Microsoft Windows Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26431"], "modified": "2021-08-11T00:00:00", "id": "ZDI-21-963", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-963/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:46:20", "description": "This vulnerability allows physically present attackers to bypass authentication on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lock screen. The issue results from the lack of proper access control prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-02T00:00:00", "type": "zdi", "title": "Microsoft Windows Lock Screen Improper Access Control Authentication Bypass Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26431"], "modified": "2021-09-02T00:00:00", "id": "ZDI-21-1053", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-1053/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:46:53", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T00:00:00", "type": "zdi", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26426"], "modified": "2021-08-11T00:00:00", "id": "ZDI-21-965", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-965/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:46:54", "description": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of Event Tracing for Windows. By creating a directory junction, an attacker can abuse Event Tracing to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T00:00:00", "type": "zdi", "title": "Microsoft Windows Event Tracing Directory Junction Denial-of-Service Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26425"], "modified": "2021-08-11T00:00:00", "id": "ZDI-21-964", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-964/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:49:08", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T00:00:00", "type": "zdi", "title": "Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484"], "modified": "2021-08-11T00:00:00", "id": "ZDI-21-966", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-966/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:38:12", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Services for NFS ONCRPC XDR Driver Remote Code Execution (CVE-2021-26432)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0493", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:09", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-34535)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34535"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0491", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:06", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Update Medic Service Privilege Escalation (CVE-2021-36948)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-08-12T00:00:00", "id": "CPAI-2021-0508", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:38:09", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Scripting Engine Memory Corruption (CVE-2021-34480)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T00:00:00", "id": "CPAI-2021-0490", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2023-05-23T17:38:43", "description": "# CVE-2021-34486\n Windows Etw LPE\n \nolny tested on windwos 20H2 ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-12T03:50:44", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34486"], "modified": "2023-03-12T15:03:23", "id": "C9364BDE-48F8-5D2B-8852-D23E7FB2CDDC", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "cisa_kev": [{"lastseen": "2023-05-23T17:17:33", "description": "Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Event Tracing Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34486"], "modified": "2022-03-28T00:00:00", "id": "CISA-KEV-CVE-2021-34486", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T15:17:44", "description": "Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Update Medic Service Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36948"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-36948", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:17:33", "description": "Microsoft Windows User Profile Service contains an unspecified vulnerability which allows for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34484"], "modified": "2022-03-31T00:00:00", "id": "CISA-KEV-CVE-2021-34484", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-08-27T05:12:02", "description": "Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation (USA).A remote code execution vulnerability exists in Microsoft Windows Print Spooler, which can be exploited by attackers to run malicious code on the system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CNVD-2022-10025)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36936"], "modified": "2022-02-14T00:00:00", "id": "CNVD-2022-10025", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-10025", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-05-19T10:52:17", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The August 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * The fixes that are included in this update are also included in the August 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from August 2021 or a later month is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the August 2021 Security-only Quality Update, and the August 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005036>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:32| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:39| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:43| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:41| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:42| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:53| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:49| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 21:06| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:05| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:04| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 12-Jul-2021| 19:01| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:07| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 20:22| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 21:21| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 22:01| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:09| 12,314,624 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:24| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:14| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:39| 516,096 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:43| 403,968 \n \n### Windows Server 2012\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 17-Jul-21| 1:30| 589,338 \nIe11-windows6.2-kb5005036-x86-express.cab| Not versioned| 17-Jul-21| 0:12| 729,960 \nIe11-windows6.2-kb5005036-x86.msu| Not versioned| 16-Jul-21| 23:39| 27,620,947 \nIe11-windows6.2-kb5005036-x86.psf| Not versioned| 16-Jul-21| 23:56| 184,407,260 \nPackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 1,133 \nPackagestructure.xml| Not versioned| 17-Jul-21| 1:30| 149,422 \nPrebvtpackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 573 \nIe11-windows6.2-kb5005036-x86.cab| Not versioned| 16-Jul-21| 23:23| 27,491,828 \nIe11-windows6.2-kb5005036-x86.xml| Not versioned| 16-Jul-21| 23:31| 450 \nWsusscan.cab| Not versioned| 16-Jul-21| 23:33| 173,630 \nUrlmon.dll| 11.0.9600.20091| 13-Jul-21| 3:21| 1,342,976 \nIexplore.exe| 11.0.9600.20091| 16-Jul-21| 18:01| 810,384 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,592 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 56,320 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 57,856 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 55,296 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,424 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 35,840 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 53,760 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nInetcpl.cpl| 11.0.9600.20091| 13-Jul-21| 3:37| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 307,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 293,888 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 290,304 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 299,008 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 303,104 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 282,112 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 283,648 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 291,840 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 299,520 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 275,968 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 293,376 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 258,048 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 256,512 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 288,256 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 285,184 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 297,472 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 288,768 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 286,208 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 281,600 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 286,720 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 292,352 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 242,176 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 243,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 243,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,080 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,712 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,936 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 39,424 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 51,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nJsproxy.dll| 11.0.9600.20091| 13-Jul-21| 4:01| 47,104 \nWininet.dll| 11.0.9600.20091| 13-Jul-21| 3:26| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 73,728 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 73,728 \nMsfeedsbs.dll| 11.0.9600.20091| 13-Jul-21| 3:45| 52,736 \nMsfeedsbs.mof| Not versioned| 13-Jul-21| 2:13| 1,574 \nMsfeedssync.exe| 11.0.9600.20091| 13-Jul-21| 4:07| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 13-Jul-21| 2:01| 3,228 \nMshtml.dll| 11.0.9600.20091| 13-Jul-21| 4:35| 20,293,632 \nMshtml.tlb| 11.0.9600.20091| 13-Jul-21| 4:16| 2,724,864 \nIeproxy.dll| 11.0.9600.20091| 13-Jul-21| 3:16| 310,784 \nIeshims.dll| 11.0.9600.20091| 13-Jul-21| 3:20| 290,304 \nIertutil.dll| 11.0.9600.20091| 13-Jul-21| 4:06| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 16-Jul-21| 18:01| 228,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 1,890,304 \nIeframe.dll| 11.0.9600.20091| 13-Jul-21| 3:43| 13,882,368 \nIeframe.ptxml| Not versioned| 13-Jul-21| 2:01| 24,486 \nInetres.adml| Not versioned| 16-Jul-21| 18:01| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:02| 751,382 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 526,344 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 499,706 \nInetres.adml| Not versioned| 16-Jul-21| 18:04| 552,386 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 944,609 \nInetres.adml| Not versioned| 16-Jul-21| 18:38| 457,561 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 543,997 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 751,359 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 526,606 \nInetres.adml| Not versioned| 16-Jul-21| 18:07| 575,887 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 751,329 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 570,784 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 548,169 \nInetres.adml| Not versioned| 16-Jul-21| 18:10| 639,283 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 525,516 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 751,351 \nInetres.adml| Not versioned| 16-Jul-21| 18:12| 751,299 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 488,536 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 548,544 \nInetres.adml| Not versioned| 16-Jul-21| 18:14| 559,395 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 535,117 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 541,506 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 751,421 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 804,520 \nInetres.adml| Not versioned| 16-Jul-21| 18:17| 751,266 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,330 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,274 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 503,958 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 751,272 \nInetres.adml| Not versioned| 16-Jul-21| 18:20| 521,633 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 751,313 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 420,094 \nInetres.adml| Not versioned| 16-Jul-21| 18:22| 436,663 \nInetres.adml| Not versioned| 16-Jul-21| 18:23| 436,663 \nInetres.admx| Not versioned| 4-Mar-21| 22:09| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 29,184 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 35,328 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 37,888 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 27,648 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 33,792 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 23,040 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 22,016 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 31,232 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 35,840 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 34,816 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 32,256 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 30,720 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 16,384 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 16,896 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 16,896 \nJscript9.dll| 11.0.9600.20091| 13-Jul-21| 3:46| 4,119,040 \nJscript9diag.dll| 11.0.9600.20091| 13-Jul-21| 3:58| 620,032 \nJscript.dll| 5.8.9600.20091| 13-Jul-21| 3:58| 653,824 \nVbscript.dll| 5.8.9600.20091| 13-Jul-21| 4:07| 498,176 \nPackage.cab| Not versioned| 16-Jul-21| 23:31| 300,465 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 916,366| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64-express.cab| Not versioned| 1,226,553| 17-Jul-21| 0:15 \nIe11-windows6.2-kb5005036-x64.msu| Not versioned| 48,197,090| 16-Jul-21| 23:42 \nIe11-windows6.2-kb5005036-x64.psf| Not versioned| 282,907,689| 17-Jul-21| 0:02 \nPackageinfo.xml| Not versioned| 1,228| 17-Jul-21| 1:59 \nPackagestructure.xml| Not versioned| 239,770| 17-Jul-21| 1:59 \nPrebvtpackageinfo.xml| Not versioned| 652| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64.cab| Not versioned| 48,101,609| 16-Jul-21| 23:31 \nIe11-windows6.2-kb5005036-x64.xml| Not versioned| 452| 16-Jul-21| 23:31 \nWsusscan.cab| Not versioned| 172,370| 16-Jul-21| 23:36 \nUrlmon.dll| 11.0.9600.20091| 1,562,624| 13-Jul-21| 3:48 \nIexplore.exe| 11.0.9600.20091| 810,400| 16-Jul-21| 21:10 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 21:11 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:13 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 22:13 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:22 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:25 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:26 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:28 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:31 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:32 \nInetcpl.cpl| 11.0.9600.20091| 2,132,992| 13-Jul-21| 3:57 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 21:11 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:13 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 22:13 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:15 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:19 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 21:22 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:24 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 21:28 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:31 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:32 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 21:11 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:14 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 22:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:19 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 21:20 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:22 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:25 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:28 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:31 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:32 \nJsproxy.dll| 11.0.9600.20091| 54,784| 13-Jul-21| 4:32 \nWininet.dll| 11.0.9600.20091| 4,858,880| 13-Jul-21| 4:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 21:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 21:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 21:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 22:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 21:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 21:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 21:25 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 21:28 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:31 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:32 \nMsfeedsbs.dll| 11.0.9600.20091| 60,416| 13-Jul-21| 4:11 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:21 \nMsfeedssync.exe| 11.0.9600.20091| 13,312| 13-Jul-21| 4:39 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:13 \nMshtml.dll| 11.0.9600.20091| 25,757,696| 13-Jul-21| 5:22 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:50 \nIeproxy.dll| 11.0.9600.20091| 870,400| 13-Jul-21| 3:29 \nIeshims.dll| 11.0.9600.20091| 387,072| 13-Jul-21| 3:34 \nIertutil.dll| 11.0.9600.20091| 2,916,864| 13-Jul-21| 4:48 \nSqmapi.dll| 6.2.9200.16384| 286,112| 16-Jul-21| 21:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 21:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 21:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 21:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 22:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 21:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 21:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 21:23 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 21:26 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 21:30 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:32 \nIeframe.dll| 11.0.9600.20091| 15,507,456| 13-Jul-21| 4:26 \nIeframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:13 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:11 \nInetres.adml| Not versioned| 751,257| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 526,342| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 499,704| 16-Jul-21| 21:13 \nInetres.adml| Not versioned| 552,388| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 944,608| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 457,561| 16-Jul-21| 22:13 \nInetres.adml| Not versioned| 543,997| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 751,275| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 526,606| 16-Jul-21| 21:16 \nInetres.adml| Not versioned| 575,891| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 751,582| 16-Jul-21| 21:18 \nInetres.adml| Not versioned| 570,785| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 548,170| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 639,283| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 525,516| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 751,408| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 751,457| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 488,537| 16-Jul-21| 21:22 \nInetres.adml| Not versioned| 548,544| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 559,394| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 535,117| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 541,505| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 751,347| 16-Jul-21| 21:25 \nInetres.adml| Not versioned| 804,520| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,166| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,517| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 751,324| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 503,958| 16-Jul-21| 21:28 \nInetres.adml| Not versioned| 751,319| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 521,634| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 751,381| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 420,094| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:31 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:32 \nInetres.admx| Not versioned| 1,678,023| 13-Apr-21| 5:59 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 21:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 22:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 21:19 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 21:22 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:25 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:28 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:31 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:32 \nJscript9.dll| 11.0.9600.20091| 5,507,584| 13-Jul-21| 5:01 \nJscript9diag.dll| 11.0.9600.20091| 814,592| 13-Jul-21| 4:28 \nJscript.dll| 5.8.9600.20091| 785,408| 13-Jul-21| 4:29 \nVbscript.dll| 5.8.9600.20091| 580,608| 13-Jul-21| 4:39 \nIexplore.exe| 11.0.9600.20091| 810,384| 16-Jul-21| 18:01 \nMshtml.dll| 11.0.9600.20091| 20,293,632| 13-Jul-21| 4:35 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:16 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:04 \nIe9props.propdesc| Not versioned| 2,843| 4-Mar-21| 21:47 \nIeframe.dll| 11.0.9600.20091| 13,882,368| 13-Jul-21| 3:43 \nWow64_ieframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:04 \nJscript9.dll| 11.0.9600.20091| 4,119,040| 13-Jul-21| 3:46 \nJscript9diag.dll| 11.0.9600.20091| 620,032| 13-Jul-21| 3:58 \nJscript.dll| 5.8.9600.20091| 653,824| 13-Jul-21| 3:58 \nVbscript.dll| 5.8.9600.20091| 498,176| 13-Jul-21| 4:07 \nUrlmon.dll| 11.0.9600.20091| 1,342,976| 13-Jul-21| 3:21 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 18:01 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:02 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:03 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:38 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 18:07 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:09 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:11 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 18:14 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:17 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nInetcpl.cpl| 11.0.9600.20091| 2,058,752| 13-Jul-21| 3:37 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 18:01 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 18:02 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 18:38 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:05 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 18:06 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 18:09 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 18:11 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 18:14 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:16 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 18:19 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:22 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:23 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 18:01 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:02 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:04 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:38 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:07 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:09 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:11 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:14 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:17 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:20 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:21 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nJsproxy.dll| 11.0.9600.20091| 47,104| 13-Jul-21| 4:01 \nWininet.dll| 11.0.9600.20091| 4,387,840| 13-Jul-21| 3:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 18:01 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:02 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 18:03 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 18:38 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 18:07 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 18:10 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:23 \nMsfeedsbs.dll| 11.0.9600.20091| 52,736| 13-Jul-21| 3:45 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:13 \nMsfeedssync.exe| 11.0.9600.20091| 11,776| 13-Jul-21| 4:07 \nIeproxy.dll| 11.0.9600.20091| 310,784| 13-Jul-21| 3:16 \nIeshims.dll| 11.0.9600.20091| 290,304| 13-Jul-21| 3:20 \nIertutil.dll| 11.0.9600.20091| 2,308,608| 13-Jul-21| 4:06 \nSqmapi.dll| 6.2.9200.16384| 228,240| 16-Jul-21| 18:01 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 18:04 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 18:38 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 18:06 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 18:08 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 18:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 18:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 18:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:23 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 18:01 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:02 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:04 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:38 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:07 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:09 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:12 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:14 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:17 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:19 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:22 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:23 \nPackage.cab| Not versioned| 302,207| 16-Jul-21| 23:31 \n \n### Windows 7 and Windows Server 2008 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 230,912 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 489,472 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 38,912 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:01| 11,892 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 20:41| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:01| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 104,960 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 4-Mar-2021| 13:55| 85,548 \nWindows Information Bar.wav| Not versioned| 4-Mar-2021| 13:55| 23,308 \nWindows Feed Discovered.wav| Not versioned| 4-Mar-2021| 13:55| 19,884 \nWindows Navigation Start.wav| Not versioned| 4-Mar-2021| 13:55| 11,340 \nbing.ico| Not versioned| 4-Mar-2021| 13:48| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 11:52| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 20:56| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:36| 692,224 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 154,112 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 124,928 \nTimeline.cpu.xml| Not versioned| 4-Mar-2021| 13:43| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:01| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:29| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:30| 751,414 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 526,343 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 499,703 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 552,389 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 944,609 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:33| 543,995 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 751,408 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 526,606 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:35| 575,889 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 751,197 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 570,785 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 548,169 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:38| 639,283 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 525,516 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 751,384 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:40| 751,453 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 488,537 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 548,546 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 559,393 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 535,116 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:43| 541,504 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 751,242 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 804,523 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 751,445 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 503,958 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:47| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 521,632 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:49| 420,094 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \ninetres.admx| Not versioned| 4-Mar-2021| 14:09| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 20:53| 668,672 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.20091| 14-Jul-2021| 11:23| 810,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:57| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 21:14| 276,480 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 35,328 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 11,264 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 9,216 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:32| 54,784 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 73,728 \niedkcs32.dll| 18.0.9600.20091| 14-Jul-2021| 11:23| 390,528 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 12-Apr-2021| 22:55| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 21:13| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:41| 666,624 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:43| 50,176 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 21:19| 491,008 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:13| 11,892 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 21:17| 245,248 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:45| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 372,224 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:21| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:21| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 60,416 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:39| 13,312 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:38| 417,280 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 92,672 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:57| 1,359,872 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:50| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:13| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 116,224 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 48,640 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:50| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:31| 222,720 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 870,400 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:34| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 12-Apr-2021| 22:57| 85,548 \nWindows Information Bar.wav| Not versioned| 12-Apr-2021| 22:57| 23,308 \nWindows Feed Discovered.wav| Not versioned| 12-Apr-2021| 22:57| 19,884 \nWindows Navigation Start.wav| Not versioned| 12-Apr-2021| 22:57| 11,340 \nbing.ico| Not versioned| 12-Apr-2021| 22:56| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 12:32| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 1,862,656 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:37| 88,064 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,217,024 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 21:07| 152,064 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 262,144 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 199,680 \nicrav03.rat| Not versioned| 12-Apr-2021| 22:55| 8,798 \nticrf.rat| Not versioned| 12-Apr-2021| 22:55| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:48| 2,916,864 \nsqmapi.dll| 6.2.9200.16384| 14-Jul-2021| 11:23| 286,088 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 728,064 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 34,304 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 66,560 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:09| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 107,520 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 219,648 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 172,032 \nTimeline.cpu.xml| Not versioned| 12-Apr-2021| 22:55| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 1,018,880 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 21:30| 615,936 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:13| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 21:08| 492,032 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:24| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 751,268 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 526,344 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 499,704 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 552,384 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:27| 944,610 \nInetRes.adml| Not versioned| 14-Jul-2021| 12:32| 457,561 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 543,995 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 751,402 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:29| 526,608 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 575,890 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 751,351 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 570,787 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:32| 548,169 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 639,283 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 525,516 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,362 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,276 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:35| 488,538 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 548,545 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 559,392 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 535,119 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 541,503 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:38| 751,379 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 804,522 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 751,404 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:40| 751,525 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 751,407 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 503,960 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 751,417 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 521,632 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 751,304 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 420,094 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:44| 436,663 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:45| 436,663 \ninetres.admx| Not versioned| 12-Apr-2021| 22:59| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 21:22| 970,752 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 21:28| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:04| 3,228 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nie9props.propdesc| Not versioned| 4-Mar-2021| 13:47| 2,843 \nwow64_ieframe.ptxml| Not versioned| 12-Jul-2021| 19:04| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \n \n### Windows Server 2008\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:44| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,391,616 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 14:38| 757,656 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 14:23| 1,494,528 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,395,200 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 97,280 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 14:23| 86,528 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 14:22| 76,800 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 887,808 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 452,608 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 281,600 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 729,088 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 14:01| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 14:01| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 55,296 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 11,264 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 12,800 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 14:26| 448,512 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 96,256 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 14:33| 18,812,416 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 14:22| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 223,744 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 550,912 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 173,056 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 499,200 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 14:39| 176,024 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 997,376 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 237,056 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 14:25| 10,944,000 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 14:21| 248,320 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 490,496 \nInetRes.adml| Not versioned| 13-Jul-2021| 14:43| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 141,312 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 818,176 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 14:29| 2,358,784 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 583,680 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n## **Information about protection and security**\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## **References**\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "KB5005036: Cumulative security update for Internet Explorer: August 10, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T07:00:00", "id": "KB5005036", "href": "https://support.microsoft.com/en-us/help/5005036", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004294](<https://support.microsoft.com/help/5004294>) (released previous July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389.](<https://support.microsoft.com/help/5005389>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005099>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005099](<https://download.microsoft.com/download/5/4/b/54b50378-2639-49db-8cb2-4b4241268317/5005099.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005099 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005099", "href": "https://support.microsoft.com/en-us/help/5005099", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005390>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005095](<https://download.microsoft.com/download/2/f/9/2f99a9fc-08b2-4463-9199-43e8f557ead0/5005095.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005095 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005095", "href": "https://support.microsoft.com/en-us/help/5005095", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004298](<https://support.microsoft.com/help/5004298>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391.](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005076>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005076](<https://download.microsoft.com/download/f/e/9/fe907252-2606-4ef8-b4cd-bfe1b3bbae60/5005076.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005076 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005076", "href": "https://support.microsoft.com/en-us/help/5005076", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005089>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005089](<https://download.microsoft.com/download/d/0/4/d0487f5c-6448-4a25-badb-8fcab6fc55bf/5005089.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005089 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005089", "href": "https://support.microsoft.com/en-us/help/5005089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389](<https://support.microsoft.com/help/5005389>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005094](<https://download.microsoft.com/download/4/d/f/4dfb503a-e6e6-464c-a027-c7cfe76e0792/5005094.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005094 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005094", "href": "https://support.microsoft.com/en-us/help/5005094", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004289](<https://support.microsoft.com/help/5004289>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**How to get this update****Symptom **| **Workaround ** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005088>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005088](<https://download.microsoft.com/download/5/1/c/51cfa686-f644-4875-b76b-610d21809361/5005088.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005088 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005088", "href": "https://support.microsoft.com/en-us/help/5005088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004305](<https://support.microsoft.com/help/5004305>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005390.](<https://support.microsoft.com/help/5005390>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005090>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005090](<https://download.microsoft.com/download/3/e/d/3ed5bcad-9cd8-4084-860a-0eeff78ed341/5005090.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005090 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005090", "href": "https://support.microsoft.com/en-us/help/5005090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005106>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005106](<https://download.microsoft.com/download/b/d/a/bda94068-ca0a-4edd-825a-7874cd775e75/5005106.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005106 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005106", "href": "https://support.microsoft.com/en-us/help/5005106", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page. **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the July 13, 2021 servicing stack update (SSU) (KB5004748) or the latest SSU (KB5005412) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005031>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005031](<https://download.microsoft.com/download/5/9/0/5901bffe-66e8-4289-9077-b87ae1af9813/5005031.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005031 (OS Build 18363.1734)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005031", "href": "https://support.microsoft.com/en-us/help/5005031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1159) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 19041.1161, 19042.1161, and 19043.1161\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005033>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005033](<https://download.microsoft.com/download/1/e/e/1eeb7268-cb6a-4865-a98b-9c51f0ec7beb/5005033.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1161, 19042.1161, and 19043.1161](<https://download.microsoft.com/download/f/7/4/f74513f3-7838-4538-89f5-8be86d571826/SSU_version_19041_1161.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005033 (OS Builds 19041.1165, 19042.1165, and 19043.1165)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005033", "href": "https://support.microsoft.com/en-us/help/5005033", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.2114) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5005112) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005030>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005030](<https://download.microsoft.com/download/3/f/c/3fc996a5-7267-4a7c-9a5b-83ade06204dc/5005030.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005030 (OS Build 17763.2114)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005030", "href": "https://support.microsoft.com/en-us/help/5005030", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "googleprojectzero": [{"lastseen": "2023-05-28T02:00:31", "description": "Posted by Ivan Fratric, Project Zero\n\ntl;dr I combined [Fuzzilli](<https://github.com/googleprojectzero/fuzzilli>) (an open-source JavaScript engine fuzzer), with [TinyInst](<https://github.com/googleprojectzero/TinyInst>) (an open-source dynamic instrumentation library for fuzzing). I also added grammar-based mutation support to [Jackalope](<https://github.com/googleprojectzero/Jackalope>) (my black-box binary fuzzer). So far, these two approaches resulted in finding three security issues in jscript9.dll (default JavaScript engine used by Internet Explorer).\n\n# Introduction or \u201cwhen you can\u2019t beat them, join them\u201d\n\nIn the past, I\u2019ve invested a lot of time in generation-based fuzzing, which was a successful way to find vulnerabilities in various targets, especially those that take some form of language as input. For example, Domato, my grammar-based generational fuzzer, found [over 40 vulnerabilities in WebKit](<https://bugs.chromium.org/p/project-zero/issues/list?q=ifratric%20webkit&can=1>) and [numerous bugs in Jscript](<https://bugs.chromium.org/p/project-zero/issues/list?q=ifratric%20jscript&can=1>).\n\nWhile generation-based fuzzing is still a good way to fuzz many complex targets, it was demonstrated that, for finding vulnerabilities in modern JavaScript engines, especially engines with JIT compilers, better results can be achieved with mutational, coverage-guided approaches. My colleague Samuel Gro\u00df gives a compelling case on why that is in his [OffensiveCon talk](<https://www.youtube.com/watch?v=OHjq9Y66yfc>). Samuel is also the author of [Fuzzilli](<https://github.com/googleprojectzero/fuzzilli>), an open-source JavaScript engine fuzzer based on mutating a custom intermediate language. Fuzzilli has found a large number of bugs in various JavaScript engines.\n\nWhile there has been a lot of development on coverage-guided fuzzers over the last few years, most of the public tooling focuses on open-source targets or software running on the Linux operating system. Meanwhile, I focused on developing tooling for fuzzing of closed-source binaries on operating systems where such software is more prevalent (currently Windows and macOS). Some years back, I published [WinAFL](<https://github.com/googleprojectzero/winafl>), the first performant AFL-based fuzzer for Windows. About a year and a half ago, however, I started working on a brand new toolset for black-box coverage-guided fuzzing. [TinyInst](<https://github.com/googleprojectzero/TinyInst>) and [Jackalope](<https://github.com/googleprojectzero/Jackalope>) are the two outcomes of this effort.\n\nIt comes somewhat naturally to combine the tooling I\u2019ve been working on with techniques that have been so successful in finding JavaScript bugs, and try to use the resulting tooling to fuzz JavaScript engines for which the source code is not available. Of such engines, I know two: jscript and jscript9 (implemented in jscript.dll and jscript9.dll) on Windows, which are both used by the Internet Explorer web browser. Of these two, jscript9 is probably more interesting in the context of mutational coverage-guided fuzzing since it includes a JIT compiler and more advanced engine features.\n\nWhile you might think that Internet Explorer is a [thing of the past](<https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/>) and it doesn\u2019t make sense to spend energy looking for bugs in it, the fact remains that Internet Explorer is still heavily exploited by real-world attackers. In [2020](<https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>) there were two Internet Explorer 0days exploited in the wild and three in [2021](<https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708>) so far. One of these vulnerabilities was in the JIT compiler of jscript9. I\u2019ve personally vowed several times that I\u2019m done looking into Internet Explorer, but each time, more 0days in the wild pop up and I change my mind.\n\nAdditionally, the techniques described here could be applied to any closed-source or even open-source software, not just Internet Explorer. In particular, grammar-based mutational fuzzing described two sections down can be applied to targets other than JavaScript engines by simply changing the input grammar.\n\n# Approach 1: Fuzzilli + TinyInst\n\n[Fuzzilli](<https://github.com/googleprojectzero/fuzzilli>), as said above, is a state-of-the-art JavaScript engine fuzzer and [TinyInst](<https://github.com/googleprojectzero/TinyInst>) is a dynamic instrumentation library. Although TinyInst is general-purpose and could be used in other applications, it comes with various features useful for fuzzing, such as out-of-the-box support for persistent fuzzing, various types of coverage instrumentations etc. TinyInst is meant to be simple to integrate with other software, in particular fuzzers, and has already been integrated with some.\n\nSo, integrating with Fuzzilli was meant to be simple. However, there were still various challenges to overcome for different reasons:\n\nChallenge 1: Getting Fuzzilli to build on Windows where our targets are.\n\nEdit 2021-09-20: The version of Swift for Windows used in this project was from January 2021, when I first started working on it. Since version 5.4, Swift Package Manager is supported on Windows, so building Swift code should be much easier now. Additionally, static linking is supported for C/C++ code.\n\nFuzzilli was written in Swift and the support for Swift on Windows is currently not great. While [Swift on Windows](<https://github.com/compnerd/swift-build>) builds exist (I\u2019m linking to the builds by Saleem Abdulrasool instead of the official ones because the latter didn\u2019t work for me), not all features that you would find on Linux and macOS are there. For example, one does not simply run swift build on Windows, as the build system is one of the features that didn\u2019t get ported (yet). Fortunately, CMake and Ninja support Swift, so the solution to this problem is to switch to the CMake build system. There are [helpful examples](<https://github.com/compnerd/swift-cmake-examples>) on how to do this, once again from Saleem Abdulrasool.\n\nAnother feature that didn\u2019t make it to Swift for Windows is statically linking libraries. This means that all libraries (such as those written in C and C++ that the user wants to include in their Swift project) need to be dynamically linked. This goes for libraries already included in the Fuzzilli project, but also for TinyInst. Since TinyInst also uses the CMake build system, my first attempt at integrating TinyInst was to include it via the Fuzzilli CMake project, and simply have it built as a shared library. However, the same tooling that was successful in building Fuzzilli would fail to build TinyInst (probably due to various platform libraries TinyInst uses). That\u2019s why, in the end, TinyInst was being built separately into a .dll and this .dll loaded \u201cmanually\u201d into Fuzzilli via the [LoadLibrary](<https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya>) API. This turned out not to be so bad - Swift build tooling for Windows was quite slow, and so it was much faster to only build TinyInst when needed, rather than build the entire Fuzzilli project (even when the changes made were minor).\n\nThe Linux/macOS parts of Fuzzilli, of course, also needed to be rewritten. Fortunately, it turned out that the parts that needed to be rewritten were the parts written in C, and the parts written in Swift worked as-is (other than a couple of exceptions, mostly related to networking). As someone with no previous experience with Swift, this was quite a relief. The main parts that needed to be rewritten were the networking library (libsocket), the library used to run and monitor the child process (libreprl) and the library for collecting coverage (libcoverage). The latter two were changed to use TinyInst. Since these are separate libraries in Fuzzilli, but TinyInst handles both of these tasks, some plumbing through Swift code was needed to make sure both of these libraries talk to the same TinyInst instance for a given target.\n\nChallenge 2: Threading woes\n\nAnother feature that made the integration less straightforward than hoped for was the use of threading in Swift. TinyInst is built on a custom debugger and, on Windows, it uses the Windows debugging API. One specific feature of the Windows debugging API, for example [WaitForDebugEvent](<https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-waitfordebugevent>), is that it does not take a debugee pid or a process handle as an argument. So then, the question is, if you have multiple debugees, to which of them does the API call refer? The answer to that is, when a debugger on Windows attaches to a debugee (or starts a debugee process), the thread that started/attached it is the debugger. Any subsequent calls for that particular debugee need to be issued on that same thread.\n\nIn contrast, the preferred Swift coding style (that Fuzzilli also uses) is to take advantage of threading primitives such as [DispatchQueue](<https://developer.apple.com/documentation/dispatch/dispatchqueue>). When tasks get posted on a DispatchQueue, they can run in parallel on \u201cbackground\u201d threads. However, with the background threads, there is no guarantee that a certain task is always going to run on the same thread. So it would happen that calls to the same TinyInst instance happened from different threads, thus breaking the Windows debugging model. This is why, for the purposes of this project, TinyInst was modified to create its own thread (one for each target process) and ensure that any debugger calls for a particular child process always happen on that thread.\n\nVarious minor changes\n\nSome examples of features Fuzzilli requires that needed to be added to TinyInst are stdin/stdout redirection and a channel for reading out the \u201cstatus\u201d of JavaScript execution (specifically, to be able to tell if JavaScript code was throwing an exception or executing successfully). Some of these features were already integrated into the \u201cmainline\u201d TinyInst or will be integrated in the future.\n\nAfter all of that was completed though, the Fuzzilli/Tinyinst hybrid was running in a stable manner:\n\n[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiry3nRhxaazq03y2AKG_3VBvYocm8t5239naPV7YNNU_FWG9uUcVsOjUTDwf9JDft3dkh7Qpxr-UgRfshNt7FAtbYARvIbpbTIYWK3RS_hFhSjX-7rAy4WmN_5nsgIlktzDWNBzZEpDVJWlERlFwc0hcOgZl8rg_-akQ6w9918lhrM_oFisW7F_43P/s1999/image2%20%283%29.png)](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiry3nRhxaazq03y2AKG_3VBvYocm8t5239naPV7YNNU_FWG9uUcVsOjUTDwf9JDft3dkh7Qpxr-UgRfshNt7FAtbYARvIbpbTIYWK3RS_hFhSjX-7rAy4WmN_5nsgIlktzDWNBzZEpDVJWlERlFwc0hcOgZl8rg_-akQ6w9918lhrM_oFisW7F_43P/s1999/image2%20%283%29.png>)\n\nNote that coverage percentage reported by Fuzzilli is incorrect. Because TinyInst is a dynamic instrumentation library, it cannot know the number of basic blocks/edges in advance. \n\nPrimarily because of the current Swift on Windows issues, this closed-source mode of Fuzzilli is not something we want to officially support. However, the sources and the build we used can be downloaded [here](<https://drive.google.com/file/d/10q4bIZHYAxQRkEVSk27Z7NPjKNnB6dKq/view>).\n\n# Approach 2: Grammar-based mutation fuzzing with Jackalope\n\n[Jackalope](<https://github.com/googleprojectzero/Jackalope>) is a coverage-guided fuzzer I developed for fuzzing black-box binaries on Windows and, recently, macOS. Jackalope initially included mutators suitable for fuzzing of binary formats. However, a key feature of Jackalope is modularity: it is meant to be easy to plug in or replace individual components, including, but not limited to, sample mutators.\n\nAfter observing how Fuzzilli works more closely during Approach 1, as well as observing samples it generated and the bugs it found, the idea was to extend Jackalope to allow mutational JavaScript fuzzing, but also in the future, mutational fuzzing of other targets whose samples can be described by a context-free grammar.\n\nJackalope uses a grammar syntax similar to that of [Domato](<https://github.com/googleprojectzero/domato>), but somewhat simplified (with some features not supported at this time). This grammar format is easy to write and easy to modify (but also easy to parse). The grammar syntax, as well as the list of builtin symbols, can be found on [this page](<https://github.com/googleprojectzero/Jackalope/tree/main/mutators/grammar>) and the JavaScript grammar used in this project can be found [here](<https://github.com/googleprojectzero/Jackalope/tree/main/examples/grammar>).\n\nOne addition to the Domato grammar syntax that allows for more natural mutations, but also sample minimization, are the <repeat_*> grammar nodes. A <repeat_x> symbol tells the grammar engine that it can be represented as zero or more <x> nodes. For example, in our JavaScript grammar, we have\n\n<statementlist> = <repeat_statement>\n\ntelling the grammar engine that <statementlist> can be constructed by concatenating zero or more <statement>s. In our JavaScript grammar, a <statement> expands to an actual JavaScript statement. This helps the mutation engine in the following way: it now knows it can mutate a sample by inserting another <statement> node anywhere in the <statementlist> node. It can also remove <statement> nodes from the <statementlist> node. Both of these operations will keep the sample valid (in the grammar sense).\n\nIt\u2019s not mandatory to have <repeat_*> nodes in the grammar, as the mutation engine knows how to mutate other nodes as well (see the list of mutations below). However, including them where it makes sense might help make mutations in a more natural way, as is the case of the JavaScript grammar.\n\nInternally, grammar-based mutation works by keeping a tree representation of the sample instead of representing the sample just as an array of bytes (Jackalope must in fact represent a grammar sample as a sequence of bytes at some points in time, e.g when storing it to disk, but does so by serializing the tree and deserializing when needed). Mutations work by modifying a part of the tree in a manner that ensures the resulting tree is still valid within the context of the input grammar. Minimization works by removing those nodes that are determined to be unnecessary.\n\nJackalope\u2019s mutation engine can currently perform the following operations on the tree:\n\n * Generate a new tree from scratch. This is not really a mutation and is mainly used to bootstrap the fuzzers when no input samples are provided. In fact, grammar fuzzing mode in Jackalope must either start with an empty corpus or a corpus generated by a previous session. This is because there is currently no way to parse a text file (e.g. a JavaScript source file) into its grammar tree representation (in general, there is no guaranteed unique way to parse a sample with a context-free grammar).\n * Select