Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities

2021-09-14T18:56:17

Description

### Microsoft Patch Tuesday – September 2021 Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important. #### Critical Microsoft Vulnerabilities Patched [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) - Microsoft MSHTML Remote Code Execution Vulnerability This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching. [CVE-2021-26435](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26435>) - Windows Scripting Engine Memory Corruption Vulnerability Microsoft released patches addressing a critical remote code execution vulnerability in Windows Scripting Engine. The exploitation of this vulnerability requires an attacker to convince users to click a link and then open a specially-crafted file. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching. [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965>) - Windows WLAN AutoConfig Service Remote Code Execution Vulnerability This vulnerability does not allow user interaction and also has a low complexity for attack. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching. [CVE-2021-38633](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633>), [CVE-2021-36963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963>) - Windows Common Log File System Driver Elevation of Privilege Vulnerability The vulnerabilities allow an attacker to gain elevated privileges to make changes to the victim’s system. These CVEs have a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor. It should be prioritized for patching. [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671>) - Windows Print Spooler Elevation of Privilege Vulnerability This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor. It should be prioritized for patching. ### Qualys QIDs Providing Coverage **QID**| **Title**| **Severity**| **CVE ID** ---|---|---|--- 375861| Microsoft Edge Based On Chromium Prior to 93.0.961.47 Multiple Vulnerabilities| High| _CVE-2021-30632_ 110390| Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021| High| _CVE-2021-38655,CVE-2021-38650,CVE-2021-38654,CVE-2021-38653,CVE-2021-38658,CVE-2021-38646,CVE-2021-38660,CVE-2021-38657,CVE-2021-38656,CVE-2021-38659_ 110391| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities September 2021| Medium| _CVE-2021-38651,CVE-2021-38652_ 375860| Azure Open Management Infrastructure Multiple Vulnerabilities| Medium | CVE-2021-38645 CVE-2021-38647 CVE-2021-38648 CVE-2021-38649 91821| Microsoft Cumulative Security Update for Internet Explorer (KB5005563) | Medium| _KB5005563 _ 375854| Visual Studio Code Spoofing Vulnerability | Medium| _CVE-2021-26437 _ 45505| Microsoft MSHTML Remote Code Execution Vulnerability Active X Controls Disabled (Mitigation for CVE-2021-40444 Enabled)| Low| 91815| Microsoft Visual Studio Security Update for September 2021 | Medium | _CVE-2021-26434 CVE-2021-36952 _ 91816| Microsoft Windows Security Update for September 2021| High| _CVE-2021-38667,CVE-2021-38639,CVE-2021-38638,CVE-2021-38637,CVE-2021-26435,CVE-2021-40447,CVE-2021-38671,CVE-2021-36965,CVE-2021-36967,CVE-2021-36974,CVE-2021-36972,CVE-2021-36966,CVE-2021-36969,CVE-2021-36973,CVE-2021-36962,CVE-2021-36961,CVE-2021-36964,CVE-2021-36963,CVE-2021-36959,CVE-2021-36968,CVE-2021-36975,CVE-2021-38636,CVE-2021-38635,CVE-2021-38633,CVE-2021-38629,CVE-2021-38628,CVE-2021-38634,CVE-2021-38632,CVE-2021-38630,CVE-2021-38624,CVE-2021-36955,CVE-2021-36954,CVE-2021-36960,CVE-2021-36958_ 91817| Microsoft Dynamics Business Central Cross-Site Scripting (XSS) Vulnerability September 2021| Medium| _CVE-2021-40440_ 91818| Microsoft Windows Kernel Elevation of Privilege Vulnerability September 2021| High| _CVE-2021-38625,CVE-2021-38626_ 91819| Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability - September 2021| High| _CVE-2021-38661 _ 91820| Microsoft MPEG-2 Video Extension Remote Code Execution (RCE) Vulnerability| High| _CVE-2021-38644 _ ### Adobe Patch Tuesday – September 2021 Adobe addressed [61 CVEs](<https://helpx.adobe.com/security.html>) this Patch Tuesday impacting Adobe Acrobat and Reader, ColdFusion, Premiere Pro, Adobe InCopy, Adobe SVG-Native Viewer, InDesign, Framemaker, Creative Cloud Desktop Apps, Photoshop Elements, Premiere Elements, Digital Editions, Genuine Service, Photoshop, XMP Toolit SDK and Experience Manager. The patches for Adobe Acrobat and Reader, ColdFusion and Experience Manager are labeled as [Priority 2](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are labeled as [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>). **Adobe Security Bulletin**| **QID**| **Severity**| **CVE ID** ---|---|---|--- Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB21-55) | 375845| Medium| _CVE-2021-39841, CVE-2021-39863, CVE-2021-39857, CVE-2021-39856, CVE-2021-39855, CVE-2021-39844, CVE-2021-39861, CVE-2021-39858, CVE-2021-39843, CVE-2021-39846, CVE-2021-39845, CVE-2021-35982, CVE-2021-39859, CVE-2021-39840, CVE-2021-39842, CVE-2021-39839, CVE-2021-39838,CVE-2021-39837,CVE-2021-39836,CVE-2021-39860,CVE-2021-39852,CVE-2021-39854,CVE-2021-39853,CVE-2021-39850,CVE-2021-39849,CVE-2021-39851_ ### Discover Patch Tuesday Vulnerabilities in VMDR Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). You can see all your impacted hosts by these vulnerabilities using the following QQL query: `vulnerabilities.vulnerability:(qid:`375861` OR qid:`110390` OR qid:`110391` OR qid:`375860` OR qid:`91821` OR qid:`375854` OR qid:`45505` OR qid:`91815` OR qid:`91816` OR qid:`91817` OR qid:`91818` OR qid:`91819` OR qid:`91820`)` ![](https://blog.qualys.com/wp-content/uploads/2021/09/first-image-1070x361.png) ### Respond by Patching VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go. The following QQL will return the missing patches pertaining to this Patch Tuesday. `(qid:`375861` OR qid:`110390` OR qid:`110391` OR qid:`375860` OR qid:`91821` OR qid:`375854` OR qid:`45505` OR qid:`91815` OR qid:`91816` OR qid:`91817` OR qid:`91818` OR qid:`91819` OR qid:`91820`)` ![](https://blog.qualys.com/wp-content/uploads/2021/09/image2-1070x359.png) ### Patch Tuesday Dashboard The current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://success.qualys.com/discussions/s/article/000006505>). ### Webinar Series: This Month in Vulnerabilities and Patches To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_T_](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>)_[his Month in Vulnerabilities and Patches](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>)_. We discuss some of the key vulnerabilities disclosed in the past month and how to patch them: * Microsoft Patch Tuesday, September 2021 * Adobe Patch Tuesday, September 2021 [Join us live or watch on demand!](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>) ![](https://blog.qualys.com/wp-content/uploads/2021/07/This-Month-in-Vulnerabilities-and-Patches-Webinar-Desktop-1070x465.png)Thursday, September 16, 2021 or later on demand ### About Patch Tuesday Patch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).

{"id": "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "type": "qualysblog", "bulletinFamily": "blog", "title": "Microsoft and Adobe Patch Tuesday (September 2021) \u2013 Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities", "description": "### Microsoft Patch Tuesday \u2013 September 2021\n\nMicrosoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) - Microsoft MSHTML Remote Code Execution Vulnerability \n\nThis vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.\n\n[CVE-2021-26435](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26435>) - Windows Scripting Engine Memory Corruption Vulnerability \n\nMicrosoft released patches addressing a critical remote code execution vulnerability in Windows Scripting Engine. The exploitation of this vulnerability requires an attacker to convince users to click a link and then open a specially-crafted file. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching. \n\n[CVE-2021-36965](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965>) - Windows WLAN AutoConfig Service Remote Code Execution Vulnerability \n\nThis vulnerability does not allow user interaction and also has a low complexity for attack. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.\n\n[CVE-2021-38633](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633>), [CVE-2021-36963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963>) - Windows Common Log File System Driver Elevation of Privilege Vulnerability \n\nThe vulnerabilities allow an attacker to gain elevated privileges to make changes to the victim\u2019s system. These CVEs have a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor. It should be prioritized for patching. \n\n[CVE-2021-38671](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671>) - Windows Print Spooler Elevation of Privilege Vulnerability\n\nThis CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor. It should be prioritized for patching.\n\n### Qualys QIDs Providing Coverage\n\n**QID**| **Title**| **Severity**| **CVE ID** \n---|---|---|--- \n375861| Microsoft Edge Based On Chromium Prior to 93.0.961.47 Multiple Vulnerabilities| High| _CVE-2021-30632_ \n110390| Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2021| High| _CVE-2021-38655,CVE-2021-38650,CVE-2021-38654,CVE-2021-38653,CVE-2021-38658,CVE-2021-38646,CVE-2021-38660,CVE-2021-38657,CVE-2021-38656,CVE-2021-38659_ \n110391| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities September 2021| Medium| _CVE-2021-38651,CVE-2021-38652_ \n375860| Azure Open Management Infrastructure Multiple Vulnerabilities| Medium | CVE-2021-38645 CVE-2021-38647 CVE-2021-38648 CVE-2021-38649 \n \n91821| \nMicrosoft Cumulative Security Update for Internet Explorer (KB5005563) \n| Medium| _KB5005563 _ \n375854| Visual Studio Code Spoofing Vulnerability | Medium| _CVE-2021-26437 _ \n45505| Microsoft MSHTML Remote Code Execution Vulnerability Active X Controls Disabled (Mitigation for CVE-2021-40444 Enabled)| Low| \n91815| Microsoft Visual Studio Security Update for September 2021 | Medium | _CVE-2021-26434 CVE-2021-36952 _ \n91816| Microsoft Windows Security Update for September 2021| High| _CVE-2021-38667,CVE-2021-38639,CVE-2021-38638,CVE-2021-38637,CVE-2021-26435,CVE-2021-40447,CVE-2021-38671,CVE-2021-36965,CVE-2021-36967,CVE-2021-36974,CVE-2021-36972,CVE-2021-36966,CVE-2021-36969,CVE-2021-36973,CVE-2021-36962,CVE-2021-36961,CVE-2021-36964,CVE-2021-36963,CVE-2021-36959,CVE-2021-36968,CVE-2021-36975,CVE-2021-38636,CVE-2021-38635,CVE-2021-38633,CVE-2021-38629,CVE-2021-38628,CVE-2021-38634,CVE-2021-38632,CVE-2021-38630,CVE-2021-38624,CVE-2021-36955,CVE-2021-36954,CVE-2021-36960,CVE-2021-36958_ \n91817| Microsoft Dynamics Business Central Cross-Site Scripting (XSS) Vulnerability September 2021| Medium| _CVE-2021-40440_ \n91818| Microsoft Windows Kernel Elevation of Privilege Vulnerability September 2021| High| _CVE-2021-38625,CVE-2021-38626_ \n91819| Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution (RCE) Vulnerability - September 2021| High| _CVE-2021-38661 _ \n91820| Microsoft MPEG-2 Video Extension Remote Code Execution (RCE) Vulnerability| High| _CVE-2021-38644 _ \n \n### Adobe Patch Tuesday \u2013 September 2021\n\nAdobe addressed [61 CVEs](<https://helpx.adobe.com/security.html>) this Patch Tuesday impacting Adobe Acrobat and Reader, ColdFusion, Premiere Pro, Adobe InCopy, Adobe SVG-Native Viewer, InDesign, Framemaker, Creative Cloud Desktop Apps, Photoshop Elements, Premiere Elements, Digital Editions, Genuine Service, Photoshop, XMP Toolit SDK and Experience Manager.\n\nThe patches for Adobe Acrobat and Reader, ColdFusion and Experience Manager are labeled as [Priority 2](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are labeled as [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>). \n\n**Adobe Security Bulletin**| **QID**| **Severity**| **CVE ID** \n---|---|---|--- \nAdobe Security Update for Adobe Acrobat and Adobe Reader (APSB21-55) | 375845| Medium| _CVE-2021-39841, CVE-2021-39863, CVE-2021-39857, CVE-2021-39856, CVE-2021-39855, CVE-2021-39844, CVE-2021-39861, CVE-2021-39858, CVE-2021-39843, CVE-2021-39846, CVE-2021-39845, CVE-2021-35982, CVE-2021-39859, CVE-2021-39840, CVE-2021-39842, CVE-2021-39839, CVE-2021-39838,CVE-2021-39837,CVE-2021-39836,CVE-2021-39860,CVE-2021-39852,CVE-2021-39854,CVE-2021-39853,CVE-2021-39850,CVE-2021-39849,CVE-2021-39851_ \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`375861` OR qid:`110390` OR qid:`110391` OR qid:`375860` OR qid:`91821` OR qid:`375854` OR qid:`45505` OR qid:`91815` OR qid:`91816` OR qid:`91817` OR qid:`91818` OR qid:`91819` OR qid:`91820`)`\n\n![](https://blog.qualys.com/wp-content/uploads/2021/09/first-image-1070x361.png)\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`375861` OR qid:`110390` OR qid:`110391` OR qid:`375860` OR qid:`91821` OR qid:`375854` OR qid:`45505` OR qid:`91815` OR qid:`91816` OR qid:`91817` OR qid:`91818` OR qid:`91819` OR qid:`91820`)`\n\n![](https://blog.qualys.com/wp-content/uploads/2021/09/image2-1070x359.png)\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://success.qualys.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Vulnerabilities and Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_T_](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>)_[his Month in Vulnerabilities and Patches](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>)_.\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them: \n\n * Microsoft Patch Tuesday, September 2021 \n * Adobe Patch Tuesday, September 2021 \n\n[Join us live or watch on demand!](<https://event.on24.com/wcc/r/3411753/DC43289F29EF66CAE5CF62637F8CB6E3>)\n\n![](https://blog.qualys.com/wp-content/uploads/2021/07/This-Month-in-Vulnerabilities-and-Patches-Webinar-Desktop-1070x465.png)Thursday, September 16, 2021 or later on demand\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "published": "2021-09-14T18:56:17", "modified": "2021-09-14T18:56:17", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "reporter": "Animesh Jain", "references": [], "cvelist": ["CVE-2021-26434", "CVE-2021-26435", "CVE-2021-26437", "CVE-2021-30632", "CVE-2021-35982", "CVE-2021-36952", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38645", "CVE-2021-38646", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863", "CVE-2021-40440", "CVE-2021-40444", "CVE-2021-40447"], "immutableFields": [], "lastseen": "2021-09-16T10:35:06", "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB21-55"]}, {"type": "archlinux", "idList": ["ASA-202109-6"]}, {"type": "attackerkb", "idList": ["AKB:0802ECEE-BB4C-4C5B-969C-32CB9808C281", "AKB:135864DA-C379-4CF4-A283-6C03BDA859D9", "AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "AKB:35FD7D35-F3F0-4CE6-A919-5DE145C48A21", "AKB:8F9B90F9-9DCD-4EEE-BFAF-3FCDFA4F7552", "AKB:9AEB3380-7185-402B-B0D2-BE10A1E7F0D9", "AKB:9FA3DEAE-7284-4BC4-9B9E-31A739E6FABE", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "cert", "idList": ["VU:131152"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0544", "CPAI-2021-0545", "CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0573", "CPAI-2021-0574", "CPAI-2021-0575", "CPAI-2021-0576", "CPAI-2021-0577", "CPAI-2021-0578", "CPAI-2021-0579", "CPAI-2021-0580", "CPAI-2021-0582", "CPAI-2021-0583", "CPAI-2021-0587", "CPAI-2021-0592", "CPAI-2021-0684", "CPAI-2021-0685", "CPAI-2021-0686"]}, {"type": "chrome", "idList": ["GCSA-2705646769654617144"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-26434", "CVE-2021-26435", "CVE-2021-26437", "CVE-2021-30632", "CVE-2021-35982", "CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36952", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38645", "CVE-2021-38646", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863", "CVE-2021-40440", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30632"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:5C0DB31397D8", "FEDORA:E043930AE6E8"]}, {"type": "freebsd", "idList": ["47B571F2-157B-11EC-AE98-704D7B472482"]}, {"type": "gentoo", "idList": ["GLSA-202201-02"]}, {"type": "githubexploit", "idList": ["09412330-832C-538A-A226-61474048E41B", "0990FE6E-7DC3-559E-9B84-E739872B988C", "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "0E388E09-F00E-58B6-BEFE-026913357CE0", "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "111C9F44-593D-5E56-8040-615B48ED3E24", "1EC6324C-A18E-517A-9A55-F1C2D1BCA358", "24DE1902-4427-5442-BF63-7657293966E2", "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "54D698B4-9CF0-5D7F-88D2-1053A11EA7C3", "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "5BC9FD05-BCBB-5B7C-AE22-BE3732D2976B", "610ADCD3-C281-52D4-A546-467569FE3AC1", "64DFB465-6754-5E4B-B311-7668EDD4D962", "6BC80C90-569E-5084-8C0E-891F12F1805E", "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "7333A285-768C-5AD9-B64E-0EC75F075597", "745C9387-7E9D-5BA8-BC2D-5B3EF7DCE82A", "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "8217668C-9748-5511-8C01-7E933D69F872", "88EFCA30-5DED-59FB-A476-A92F53D1497E", "8B4EDA16-9E27-500D-B648-9C3AD4295562", "8B907536-B213-590D-81B9-32CF4A55322E", "8CD90173-6341-5FAD-942A-A9617561026A", "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "A6B7D4D8-4578-5AD8-961D-3BC35007FF29", "A99AB73C-8E46-5B9C-A402-F78F96EE2327", "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "B9C2639D-9C07-5F11-B663-C144F457A9F7", "BF40B403-9D06-5460-8B40-3FC2E56A4A07", "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "CE2FB7D7-ABCF-58F8-AACC-D0E6FEE8865A", "D03F8616-CD02-52E2-80E1-347A8A3132BC", "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "E06577DB-A581-55E1-968E-81430C294A84", "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "FA1DEEA0-A8AF-5C21-98E6-9D3379266529", "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "FF761088-559C-5E71-A5CD-196D4E4571B8"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039", "HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:E57DA2FED4B890B898EFA2B68C657043"]}, {"type": "ibm", "idList": ["1E405D4974F6EA8AB73C7DDA9E9B3B2FCA2359AF05B6CF7C124046402F2BC520"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12281", "KLA12282", "KLA12284", "KLA12285", "KLA12286", "KLA12287", "KLA12288", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-CVE_2021_38648_OMIGOD-", "MSF:EXPLOIT-LINUX-MISC-CVE_2021_38647_OMIGOD-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26434", "MS:CVE-2021-26435", "MS:CVE-2021-26437", "MS:CVE-2021-30632", "MS:CVE-2021-36936", "MS:CVE-2021-36947", "MS:CVE-2021-36952", "MS:CVE-2021-36954", "MS:CVE-2021-36955", "MS:CVE-2021-36958", "MS:CVE-2021-36959", "MS:CVE-2021-36960", "MS:CVE-2021-36961", "MS:CVE-2021-36962", "MS:CVE-2021-36963", "MS:CVE-2021-36964", "MS:CVE-2021-36965", "MS:CVE-2021-36966", "MS:CVE-2021-36967", "MS:CVE-2021-36968", "MS:CVE-2021-36969", "MS:CVE-2021-36972", "MS:CVE-2021-36973", "MS:CVE-2021-36974", "MS:CVE-2021-36975", "MS:CVE-2021-38624", "MS:CVE-2021-38625", "MS:CVE-2021-38626", "MS:CVE-2021-38628", "MS:CVE-2021-38629", "MS:CVE-2021-38630", "MS:CVE-2021-38632", "MS:CVE-2021-38633", "MS:CVE-2021-38634", "MS:CVE-2021-38635", "MS:CVE-2021-38636", "MS:CVE-2021-38637", "MS:CVE-2021-38638", "MS:CVE-2021-38639", "MS:CVE-2021-38644", "MS:CVE-2021-38645", "MS:CVE-2021-38646", "MS:CVE-2021-38647", "MS:CVE-2021-38648", "MS:CVE-2021-38649", "MS:CVE-2021-38650", "MS:CVE-2021-38651", "MS:CVE-2021-38652", "MS:CVE-2021-38653", "MS:CVE-2021-38654", "MS:CVE-2021-38655", "MS:CVE-2021-38656", "MS:CVE-2021-38657", "MS:CVE-2021-38658", "MS:CVE-2021-38659", "MS:CVE-2021-38660", "MS:CVE-2021-38661", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40440", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB4484103", "KB4484108", "KB5001958", "KB5001997", "KB5001999", "KB5002003", "KB5002005", "KB5002007", "KB5002009", "KB5002014", "KB5002018", "KB5002020", "KB5002024", "KB5005563", "KB5005565", "KB5005566", "KB5005568", "KB5005569", "KB5005573", "KB5005575", "KB5005606", "KB5005607", "KB5005613", "KB5005615", "KB5005618", "KB5005623", "KB5005627", "KB5005633", "KB5006075", "KB5006076"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB21-55.NASL", "ADOBE_READER_APSB21-55.NASL", "AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "GENTOO_GLSA-202201-02.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOS_ADOBE_ACROBAT_APSB21-55.NASL", "MACOS_ADOBE_READER_APSB21-55.NASL", "MACOS_MS21_SEP_OFFICE.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_VISUAL_STUDIO_CODE_1_59_1.NASL", "OMI_1_6_8_1.NASL", "OMI_CVE-2021-38647.NBIN", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "OPENSUSE-2021-1330.NASL", "OPENSUSE-2022-0070-1.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_EXCEL.NASL", "SMB_NT_MS21_SEP_EXCEL_C2R.NASL", "SMB_NT_MS21_SEP_HEVC.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_MICROSOFT_DYNAMICS_365_BC.NASL", "SMB_NT_MS21_SEP_MPEG2.NASL", "SMB_NT_MS21_SEP_OFFICE.NASL", "SMB_NT_MS21_SEP_OFFICE_C2R.NASL", "SMB_NT_MS21_SEP_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_SEP_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_SEP_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_SEP_OFFICE_WEB.NASL", "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694", "PACKETSTORM:164925", "PACKETSTORM:165214", "PACKETSTORM:167317"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:E6B48FF79C5D0D1E4DD360F6010F2A93"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:7805FE8CEF45482B462D2B4F7A9F7F75", "RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:A224EF4FDA8E067B5A4576A0BC6D6F10", "SAINT:B21EB0CE85BB4A8171AF59A4CF014F01", "SAINT:E5FBEA63E5EE8A91F5066541141037D1"]}, {"type": "securelist", "idList": ["SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:29152837444B2A7E5A9B9FCB107DAB36", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1330-1", "OPENSUSE-SU-2022:0070-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:3F83D0C001F2A9046C61A56F5ABE7695", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:4E80D9371FAC9B29044F9D8F732A3AD5", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:6428957E9DED493169A2E63839F98667", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:6A9CD6F085628D08978727C0FF597535", "THN:8A60310AB796B7372A105B7C8811306B", "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "THN:B7217784F9D53002315C9C43CCC73766", "THN:BD014635C5F702379060A20290985162", "THN:C4188C7A44467E425407D33067C14094", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:E7762183A6F7B3DDB942D3F1F99748F6", "THN:F35E41E26872B23A7F620C6D8F7E2334"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30632"]}, {"type": "veracode", "idList": ["VERACODE:32108"]}, {"type": "zdi", "idList": ["ZDI-21-1075", "ZDI-21-1076", "ZDI-21-1077", "ZDI-21-1078", "ZDI-21-1079", "ZDI-21-1080", "ZDI-21-1081", "ZDI-21-1082", "ZDI-21-1083", "ZDI-21-1084", "ZDI-21-1092", "ZDI-21-1093", "ZDI-21-1096", "ZDI-21-1098", "ZDI-21-1099", "ZDI-21-1100", "ZDI-21-1101", "ZDI-21-1103"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967", "1337DAY-ID-37024", "1337DAY-ID-37126"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB21-", "APSB21-55"]}, {"type": "archlinux", "idList": ["ASA-202109-6"]}, {"type": "attackerkb", "idList": ["AKB:0802ECEE-BB4C-4C5B-969C-32CB9808C281", "AKB:135864DA-C379-4CF4-A283-6C03BDA859D9", "AKB:9AEB3380-7185-402B-B0D2-BE10A1E7F0D9", "AKB:9FA3DEAE-7284-4BC4-9B9E-31A739E6FABE", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "cert", "idList": ["VU:131152"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0544", "CPAI-2021-0545", "CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0573", "CPAI-2021-0574", "CPAI-2021-0575", "CPAI-2021-0576", "CPAI-2021-0577", "CPAI-2021-0578", "CPAI-2021-0579", "CPAI-2021-0580", "CPAI-2021-0582", "CPAI-2021-0583", "CPAI-2021-0587", "CPAI-2021-0592"]}, {"type": "chrome", "idList": ["GCSA-2705646769654617144"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-26434", "CVE-2021-26435", "CVE-2021-26437", "CVE-2021-35982", "CVE-2021-36952", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38645", "CVE-2021-38646", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863", "CVE-2021-40440", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30632"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:5C0DB31397D8"]}, {"type": "freebsd", "idList": ["47B571F2-157B-11EC-AE98-704D7B472482"]}, {"type": "gentoo", "idList": ["GLSA-202201-02"]}, {"type": "githubexploit", "idList": ["8B907536-B213-590D-81B9-32CF4A55322E"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12281", "KLA12282", "KLA12284", "KLA12285", "KLA12286", "KLA12287", "KLA12288", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26434", "MS:CVE-2021-26435", "MS:CVE-2021-26437", "MS:CVE-2021-30632", "MS:CVE-2021-36952", "MS:CVE-2021-36954", "MS:CVE-2021-36955", "MS:CVE-2021-36958", "MS:CVE-2021-36959", "MS:CVE-2021-36960", "MS:CVE-2021-36961", "MS:CVE-2021-36962", "MS:CVE-2021-36963", "MS:CVE-2021-36964", "MS:CVE-2021-36965", "MS:CVE-2021-36966", "MS:CVE-2021-36967", "MS:CVE-2021-36968", "MS:CVE-2021-36969", "MS:CVE-2021-36972", "MS:CVE-2021-36973", "MS:CVE-2021-36974", "MS:CVE-2021-36975", "MS:CVE-2021-38624", "MS:CVE-2021-38625", "MS:CVE-2021-38626", "MS:CVE-2021-38628", "MS:CVE-2021-38629", "MS:CVE-2021-38630", "MS:CVE-2021-38632", "MS:CVE-2021-38633", "MS:CVE-2021-38634", "MS:CVE-2021-38635", "MS:CVE-2021-38636", "MS:CVE-2021-38637", "MS:CVE-2021-38638", "MS:CVE-2021-38639", "MS:CVE-2021-38644", "MS:CVE-2021-38645", "MS:CVE-2021-38646", "MS:CVE-2021-38647", "MS:CVE-2021-38648", "MS:CVE-2021-38649", "MS:CVE-2021-38650", "MS:CVE-2021-38651", "MS:CVE-2021-38652", "MS:CVE-2021-38653", "MS:CVE-2021-38654", "MS:CVE-2021-38655", "MS:CVE-2021-38656", "MS:CVE-2021-38657", "MS:CVE-2021-38658", "MS:CVE-2021-38659", "MS:CVE-2021-38660", "MS:CVE-2021-38661", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40440", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB4484103", "KB5005565", "KB5006075"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["ADOBE_ACROBAT_APSB21-55.NASL", "ADOBE_READER_APSB21-55.NASL", "AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "GENTOO_GLSA-202201-02.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOS_ADOBE_ACROBAT_APSB21-55.NASL", "MACOS_MS21_SEP_OFFICE.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_VISUAL_STUDIO_CODE_1_59_1.NASL", "OMI_1_6_8_1.NASL", "OMI_CVE-2021-38647.NBIN", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_MICROSOFT_DYNAMICS_365_BC.NASL", "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694", "PACKETSTORM:164925", "PACKETSTORM:165214"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:B21EB0CE85BB4A8171AF59A4CF014F01"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1330-1"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:3F83D0C001F2A9046C61A56F5ABE7695", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:6428957E9DED493169A2E63839F98667", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:6A9CD6F085628D08978727C0FF597535", "THN:B7217784F9D53002315C9C43CCC73766", "THN:C4188C7A44467E425407D33067C14094", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30632"]}, {"type": "zdi", "idList": ["ZDI-21-1075", "ZDI-21-1076", "ZDI-21-1077", "ZDI-21-1078", "ZDI-21-1079", "ZDI-21-1080", "ZDI-21-1081", "ZDI-21-1082", "ZDI-21-1083", "ZDI-21-1084", "ZDI-21-1092", "ZDI-21-1093", "ZDI-21-1096", "ZDI-21-1098", "ZDI-21-1099", "ZDI-21-1100", "ZDI-21-1101", "ZDI-21-1103"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967", "1337DAY-ID-37024", "1337DAY-ID-37126"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-26434", "epss": "0.000460000", "percentile": "0.127700000", "modified": "2023-03-17"}, {"cve": "CVE-2021-26435", "epss": "0.000610000", "percentile": "0.237510000", "modified": "2023-03-17"}, {"cve": "CVE-2021-26437", "epss": "0.001210000", "percentile": "0.446540000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30632", "epss": "0.893050000", "percentile": "0.981180000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35982", "epss": "0.001420000", "percentile": "0.482480000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36952", "epss": "0.002450000", "percentile": "0.607600000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36954", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36955", "epss": "0.026040000", "percentile": "0.886310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36958", "epss": "0.003670000", "percentile": "0.681480000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36959", "epss": "0.001210000", "percentile": "0.446540000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36960", "epss": "0.002770000", "percentile": "0.632070000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36961", "epss": "0.000430000", "percentile": "0.075730000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36962", "epss": "0.000430000", "percentile": "0.077570000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36963", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36964", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36965", "epss": "0.013190000", "percentile": "0.838930000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36966", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36967", "epss": "0.000570000", "percentile": "0.216950000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36968", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36969", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36972", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36973", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36974", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36975", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38624", "epss": "0.000590000", "percentile": "0.230640000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38625", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38626", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38628", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38629", "epss": "0.066750000", "percentile": "0.926720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38630", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38632", "epss": "0.000540000", "percentile": "0.200630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38633", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38634", "epss": "0.000460000", "percentile": "0.127700000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38635", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38636", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38637", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38638", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38639", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38644", "epss": "0.005230000", "percentile": "0.733370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38645", "epss": "0.026040000", "percentile": "0.886310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38646", "epss": "0.008410000", "percentile": "0.795260000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38647", "epss": "0.974860000", "percentile": "0.999410000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38648", "epss": "0.973400000", "percentile": "0.997750000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38649", "epss": "0.026040000", "percentile": "0.886310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38650", "epss": "0.000610000", "percentile": "0.238860000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38651", "epss": "0.000610000", "percentile": "0.238860000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38652", "epss": "0.000610000", "percentile": "0.238860000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38653", "epss": "0.002450000", "percentile": "0.607600000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38654", "epss": "0.001860000", "percentile": "0.542150000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38655", "epss": "0.002140000", "percentile": "0.577200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38656", "epss": "0.002140000", "percentile": "0.577200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38657", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38658", "epss": "0.001860000", "percentile": "0.542150000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38659", "epss": "0.002110000", "percentile": "0.572730000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38660", "epss": "0.005230000", "percentile": "0.733370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38661", "epss": "0.005230000", "percentile": "0.733370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38667", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38671", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39836", "epss": "0.159310000", "percentile": "0.950370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39837", "epss": "0.159310000", "percentile": "0.950370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39838", "epss": "0.159310000", "percentile": "0.950370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39839", "epss": "0.159310000", "percentile": "0.950370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39840", "epss": "0.159310000", "percentile": "0.950370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39841", "epss": "0.001220000", "percentile": "0.448240000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39842", "epss": "0.032220000", "percentile": "0.896820000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39843", "epss": "0.111240000", "percentile": "0.942190000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39844", "epss": "0.000570000", "percentile": "0.216780000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39845", "epss": "0.001210000", "percentile": "0.446430000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39846", "epss": "0.001210000", "percentile": "0.446430000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39849", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39850", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39851", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39852", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39853", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39854", "epss": "0.000630000", "percentile": "0.247490000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39855", "epss": "0.002480000", "percentile": "0.609720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39856", "epss": "0.002480000", "percentile": "0.609720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39857", "epss": "0.001250000", "percentile": "0.452870000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39858", "epss": "0.000440000", "percentile": "0.107480000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39860", "epss": "0.000760000", "percentile": "0.306630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39861", "epss": "0.000740000", "percentile": "0.300100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-39863", "epss": "0.001340000", "percentile": "0.468910000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40440", "epss": "0.000520000", "percentile": "0.180990000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40444", "epss": "0.966120000", "percentile": "0.993300000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40447", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1660004461, "score": 1684009192, "epss": 1679112172}, "_internal": {"score_hash": "14df594923145994f6a43a008d91a445"}}

{"kaspersky": [{"lastseen": "2023-05-27T14:56:57", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2016 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36973](<https://nvd.nist.gov/vuln/detail/CVE-2021-36973>) \n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38632](<https://nvd.nist.gov/vuln/detail/CVE-2021-38632>) \n[CVE-2021-38644](<https://nvd.nist.gov/vuln/detail/CVE-2021-38644>) \n[CVE-2021-36967](<https://nvd.nist.gov/vuln/detail/CVE-2021-36967>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-38634](<https://nvd.nist.gov/vuln/detail/CVE-2021-38634>) \n[CVE-2021-36972](<https://nvd.nist.gov/vuln/detail/CVE-2021-36972>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-36974](<https://nvd.nist.gov/vuln/detail/CVE-2021-36974>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36966](<https://nvd.nist.gov/vuln/detail/CVE-2021-36966>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38624](<https://nvd.nist.gov/vuln/detail/CVE-2021-38624>) \n[CVE-2021-38661](<https://nvd.nist.gov/vuln/detail/CVE-2021-38661>) \n[CVE-2021-36954](<https://nvd.nist.gov/vuln/detail/CVE-2021-36954>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n[CVE-2021-36975](<https://nvd.nist.gov/vuln/detail/CVE-2021-36975>) \n[CVE-2021-38637](<https://nvd.nist.gov/vuln/detail/CVE-2021-38637>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005613](<http://support.microsoft.com/kb/5005613>) \n[5005568](<http://support.microsoft.com/kb/5005568>) \n[5005575](<http://support.microsoft.com/kb/5005575>) \n[5005627](<http://support.microsoft.com/kb/5005627>) \n[5005565](<http://support.microsoft.com/kb/5005565>) \n[5005623](<http://support.microsoft.com/kb/5005623>) \n[5005573](<http://support.microsoft.com/kb/5005573>) \n[5005569](<http://support.microsoft.com/kb/5005569>) \n[5005566](<http://support.microsoft.com/kb/5005566>) \n[5005607](<http://support.microsoft.com/kb/5005607>) \n[5006699](<http://support.microsoft.com/kb/5006699>) \n[5006672](<http://support.microsoft.com/kb/5006672>) \n[5006674](<http://support.microsoft.com/kb/5006674>) \n[5006670](<http://support.microsoft.com/kb/5006670>) \n[5006667](<http://support.microsoft.com/kb/5006667>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12290 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-10-14T00:00:00", "id": "KLA12290", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12290/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:59", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, spoof user interface, execute arbitrary code.\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-38626](<https://nvd.nist.gov/vuln/detail/CVE-2021-38626>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36968](<https://nvd.nist.gov/vuln/detail/CVE-2021-36968>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38625](<https://nvd.nist.gov/vuln/detail/CVE-2021-38625>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005633](<http://support.microsoft.com/kb/5005633>) \n[5005606](<http://support.microsoft.com/kb/5005606>) \n[5005615](<http://support.microsoft.com/kb/5005615>) \n[5005618](<http://support.microsoft.com/kb/5005618>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12289 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-16T00:00:00", "id": "KLA12289", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12289/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:39", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.\n\n### *Affected products*:\nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office Online Server \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft SharePoint Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38660](<https://nvd.nist.gov/vuln/detail/CVE-2021-38660>) \n[CVE-2021-38654](<https://nvd.nist.gov/vuln/detail/CVE-2021-38654>) \n[CVE-2021-38655](<https://nvd.nist.gov/vuln/detail/CVE-2021-38655>) \n[CVE-2021-38656](<https://nvd.nist.gov/vuln/detail/CVE-2021-38656>) \n[CVE-2021-38659](<https://nvd.nist.gov/vuln/detail/CVE-2021-38659>) \n[CVE-2021-38653](<https://nvd.nist.gov/vuln/detail/CVE-2021-38653>) \n[CVE-2021-38658](<https://nvd.nist.gov/vuln/detail/CVE-2021-38658>) \n[CVE-2021-38651](<https://nvd.nist.gov/vuln/detail/CVE-2021-38651>) \n[CVE-2021-38646](<https://nvd.nist.gov/vuln/detail/CVE-2021-38646>) \n[CVE-2021-38652](<https://nvd.nist.gov/vuln/detail/CVE-2021-38652>) \n[CVE-2021-38650](<https://nvd.nist.gov/vuln/detail/CVE-2021-38650>) \n[CVE-2021-38657](<https://nvd.nist.gov/vuln/detail/CVE-2021-38657>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *KB list*:\n[4484108](<http://support.microsoft.com/kb/4484108>) \n[5001997](<http://support.microsoft.com/kb/5001997>) \n[5002014](<http://support.microsoft.com/kb/5002014>) \n[5002024](<http://support.microsoft.com/kb/5002024>) \n[5002007](<http://support.microsoft.com/kb/5002007>) \n[4484103](<http://support.microsoft.com/kb/4484103>) \n[5002009](<http://support.microsoft.com/kb/5002009>) \n[5002018](<http://support.microsoft.com/kb/5002018>) \n[5002003](<http://support.microsoft.com/kb/5002003>) \n[5002020](<http://support.microsoft.com/kb/5002020>) \n[5001999](<http://support.microsoft.com/kb/5001999>) \n[5002005](<http://support.microsoft.com/kb/5002005>) \n[5001958](<http://support.microsoft.com/kb/5001958>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12288 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38646", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660"], "modified": "2021-09-16T00:00:00", "id": "KLA12288", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12288/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:33", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.\n\n### *Affected products*:\nAzure Diagnostics (LAD) \nAzure Security Center \nSystem Center Operations Manager (SCOM) \nContainer Monitoring Solution \nAzure Open Management Infrastructure \nAzure Stack Hub \nAzure Automation State Configuration, DSC Extension \nAzure Sentinel \nLog Analytics Agent \nAzure Automation Update Management\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38647](<https://nvd.nist.gov/vuln/detail/CVE-2021-38647>) \n[CVE-2021-38648](<https://nvd.nist.gov/vuln/detail/CVE-2021-38648>) \n[CVE-2021-38649](<https://nvd.nist.gov/vuln/detail/CVE-2021-38649>) \n[CVE-2021-38645](<https://nvd.nist.gov/vuln/detail/CVE-2021-38645>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft System Center Operations Manager](<https://threats.kaspersky.com/en/product/Microsoft-System-Center-Operations-Manager/>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12297 Multiple vulnerabilities in Microsoft System Center", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-30T00:00:00", "id": "KLA12297", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12297/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:57:07", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges.\n\n### *Affected products*:\nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) \nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) \nVisual Studio Code \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36952](<https://nvd.nist.gov/vuln/detail/CVE-2021-36952>) \n[CVE-2021-26437](<https://nvd.nist.gov/vuln/detail/CVE-2021-26437>) \n[CVE-2021-26434](<https://nvd.nist.gov/vuln/detail/CVE-2021-26434>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12285 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26434", "CVE-2021-26437", "CVE-2021-36952"], "modified": "2021-09-16T00:00:00", "id": "KLA12285", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12285/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:30:40", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.\n\n### *Affected products*:\nAccessibility Insights for Android \nAzure Open Management Infrastructure \nAzure Sphere\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38645](<https://nvd.nist.gov/vuln/detail/CVE-2021-38645>) \n[CVE-2021-38649](<https://nvd.nist.gov/vuln/detail/CVE-2021-38649>) \n[CVE-2021-40448](<https://nvd.nist.gov/vuln/detail/CVE-2021-40448>) \n[CVE-2021-38647](<https://nvd.nist.gov/vuln/detail/CVE-2021-38647>) \n[CVE-2021-38648](<https://nvd.nist.gov/vuln/detail/CVE-2021-38648>) \n[CVE-2021-36956](<https://nvd.nist.gov/vuln/detail/CVE-2021-36956>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Access](<https://threats.kaspersky.com/en/product/Microsoft-Access/>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12286 Mutliple vulnerabilities in Microsoft Azure", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36956", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40448"], "modified": "2021-09-16T00:00:00", "id": "KLA12286", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12286/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:39", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA cross-site-scripting (XSS) vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to perform cross-site scripting attack.\n\n### *Affected products*:\nMicrosoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5 \nMicrosoft Dynamics 365 Business Central 2020 Release Wave 2 \u2013 Update 17.10\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-40440](<https://nvd.nist.gov/vuln/detail/CVE-2021-40440>) \n\n\n### *Impacts*:\nXSS/CSS \n\n### *Related products*:\n[Microsoft Dynamics 365](<https://threats.kaspersky.com/en/product/Microsoft-Dynamics-365/>)\n\n### *KB list*:\n[5006076](<http://support.microsoft.com/kb/5006076>) \n[5006075](<http://support.microsoft.com/kb/5006075>)", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12287 XSS vulnerability in Microsoft Dynamics", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40440"], "modified": "2021-09-16T00:00:00", "id": "KLA12287", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12287/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-19T15:14:11", "description": "The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35982", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOS_ADOBE_ACROBAT_APSB21-55.NASL", "href": "https://www.tenable.com/plugins/nessus/153362", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153362);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-35982\",\n \"CVE-2021-39836\",\n \"CVE-2021-39837\",\n \"CVE-2021-39838\",\n \"CVE-2021-39839\",\n \"CVE-2021-39840\",\n \"CVE-2021-39841\",\n \"CVE-2021-39842\",\n \"CVE-2021-39843\",\n \"CVE-2021-39844\",\n \"CVE-2021-39845\",\n \"CVE-2021-39846\",\n \"CVE-2021-39849\",\n \"CVE-2021-39850\",\n \"CVE-2021-39851\",\n \"CVE-2021-39852\",\n \"CVE-2021-39853\",\n \"CVE-2021-39854\",\n \"CVE-2021-39855\",\n \"CVE-2021-39856\",\n \"CVE-2021-39857\",\n \"CVE-2021-39858\",\n \"CVE-2021-39859\",\n \"CVE-2021-39860\",\n \"CVE-2021-39861\",\n \"CVE-2021-39863\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0415-S\");\n\n script_name(english:\"Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2017.011.30202, 2020.004.30015, or\n2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could\n leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL\n hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/427.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/843.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-55.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30202 / 2020.004.30015 / 2021.007.20091 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39863\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 200, 416, 427, 476, 787, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nvar app_info = vcf::get_app_info(app:'Adobe Acrobat');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '21.005.20058', 'fixed_version' : '21.007.20091' },\n { 'min_version' : '20.1', 'max_version' : '20.004.30006', 'fixed_version' : '20.004.30015' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30199', 'fixed_version' : '17.011.30202' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:38", "description": "The version of Adobe Reader installed on the remote macOS host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35982", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOS_ADOBE_READER_APSB21-55.NASL", "href": "https://www.tenable.com/plugins/nessus/153365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153365);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-35982\",\n \"CVE-2021-39836\",\n \"CVE-2021-39837\",\n \"CVE-2021-39838\",\n \"CVE-2021-39839\",\n \"CVE-2021-39840\",\n \"CVE-2021-39841\",\n \"CVE-2021-39842\",\n \"CVE-2021-39843\",\n \"CVE-2021-39844\",\n \"CVE-2021-39845\",\n \"CVE-2021-39846\",\n \"CVE-2021-39849\",\n \"CVE-2021-39850\",\n \"CVE-2021-39851\",\n \"CVE-2021-39852\",\n \"CVE-2021-39853\",\n \"CVE-2021-39854\",\n \"CVE-2021-39855\",\n \"CVE-2021-39856\",\n \"CVE-2021-39857\",\n \"CVE-2021-39858\",\n \"CVE-2021-39859\",\n \"CVE-2021-39860\",\n \"CVE-2021-39861\",\n \"CVE-2021-39863\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0415-S\");\n\n script_name(english:\"Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a version prior to 2017.011.30202, 2020.004.30015, or\n2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could\n leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL\n hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/427.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/843.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-55.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30202 / 2020.004.30015 / 2021.007.20091 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39863\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 200, 416, 427, 476, 787, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nvar app_info = vcf::get_app_info(app:'Adobe Reader');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '21.005.20058', 'fixed_version' : '21.007.20091' },\n { 'min_version' : '20.1', 'max_version' : '20.004.30006', 'fixed_version' : '20.004.30015' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30199', 'fixed_version' : '17.011.30202' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:27", "description": "The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35982", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB21-55.NASL", "href": "https://www.tenable.com/plugins/nessus/153364", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153364);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-35982\",\n \"CVE-2021-39836\",\n \"CVE-2021-39837\",\n \"CVE-2021-39838\",\n \"CVE-2021-39839\",\n \"CVE-2021-39840\",\n \"CVE-2021-39841\",\n \"CVE-2021-39842\",\n \"CVE-2021-39843\",\n \"CVE-2021-39844\",\n \"CVE-2021-39845\",\n \"CVE-2021-39846\",\n \"CVE-2021-39849\",\n \"CVE-2021-39850\",\n \"CVE-2021-39851\",\n \"CVE-2021-39852\",\n \"CVE-2021-39853\",\n \"CVE-2021-39854\",\n \"CVE-2021-39855\",\n \"CVE-2021-39856\",\n \"CVE-2021-39857\",\n \"CVE-2021-39858\",\n \"CVE-2021-39859\",\n \"CVE-2021-39860\",\n \"CVE-2021-39861\",\n \"CVE-2021-39863\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0415-S\");\n\n script_name(english:\"Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015,\nor 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could\n leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL\n hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/427.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/843.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-55.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30202 / 2020.004.30015 / 2021.007.20091 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39863\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 200, 416, 427, 476, 787, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '21.005.20060', 'fixed_version' : '21.007.20091' },\n { 'min_version' : '20.1', 'max_version' : '20.004.30006', 'fixed_version' : '20.004.30015' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30199', 'fixed_version' : '17.011.30202' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:27", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35982", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB21-55.NASL", "href": "https://www.tenable.com/plugins/nessus/153363", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153363);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-35982\",\n \"CVE-2021-39836\",\n \"CVE-2021-39837\",\n \"CVE-2021-39838\",\n \"CVE-2021-39839\",\n \"CVE-2021-39840\",\n \"CVE-2021-39841\",\n \"CVE-2021-39842\",\n \"CVE-2021-39843\",\n \"CVE-2021-39844\",\n \"CVE-2021-39845\",\n \"CVE-2021-39846\",\n \"CVE-2021-39849\",\n \"CVE-2021-39850\",\n \"CVE-2021-39851\",\n \"CVE-2021-39852\",\n \"CVE-2021-39853\",\n \"CVE-2021-39854\",\n \"CVE-2021-39855\",\n \"CVE-2021-39856\",\n \"CVE-2021-39857\",\n \"CVE-2021-39858\",\n \"CVE-2021-39859\",\n \"CVE-2021-39860\",\n \"CVE-2021-39861\",\n \"CVE-2021-39863\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0415-S\");\n\n script_name(english:\"Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015,\nor 2021.007.20091. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file.\n An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-39863)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could\n leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL\n hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetIcon action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39836)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n deleteItemAt action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39837)\n\n - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199\n (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm\n buttonGetCaption action that could result in arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-39838)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/427.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/843.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-55.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30202 / 2020.004.30015 / 2021.007.20091 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39863\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 122, 125, 200, 416, 427, 476, 787, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nvar constraints = [\n { 'min_version' : '15.7', 'max_version' : '21.005.20060', 'fixed_version' : '21.007.20091' },\n { 'min_version' : '20.1', 'max_version' : '20.004.30006', 'fixed_version' : '20.004.30015' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30199', 'fixed_version' : '17.011.30202' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005566.NASL", "href": "https://www.tenable.com/plugins/nessus/153383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153383);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005566\");\n script_xref(name:\"MSFT\", value:\"MS21-5005566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005566-os-build-18363-1801-c2535eb5-9e8a-4127-a923-0c6a643bba1d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff9fca7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005566.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005566'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005566])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:03", "description": "The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005565.NASL", "href": "https://www.tenable.com/plugins/nessus/153381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153381);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005565\");\n script_xref(name:\"MSFT\", value:\"MS21-5005565\");\n\n script_name(english:\"KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005565-os-builds-19041-1237-19042-1237-and-19043-1237-292cf8ed-f97b-4cd8-9883-32b71e3e6b44\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45dd819c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005565.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005565'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565]) \n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19043',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:18", "description": "The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005568.NASL", "href": "https://www.tenable.com/plugins/nessus/153373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153373);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005568\");\n script_xref(name:\"MSFT\", value:\"MS21-5005568\");\n\n script_name(english:\"KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005568-os-build-17763-2183-d19b2778-204a-4c09-a0c3-23dc28d5deac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54269929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005568.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005568');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'17763',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005568])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005569: Windows 10 version 1507 LTS September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005569.NASL", "href": "https://www.tenable.com/plugins/nessus/153372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153372);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005569\");\n script_xref(name:\"MSFT\", value:\"MS21-5005569\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005569: Windows 10 version 1507 LTS September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005569-os-build-10240-19060-0de156d8-d616-49bb-ad8d-3cf352611ca4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322a809c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005569.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005569');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'10240',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005569])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005573.NASL", "href": "https://www.tenable.com/plugins/nessus/153377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153377);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005573\");\n script_xref(name:\"MSFT\", value:\"MS21-5005573\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005573-os-build-14393-4651-48853795-3857-4485-a2bf-f15b39464b41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be42cfd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005573.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005573');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'14393',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005573])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:46", "description": "The remote Windows host is missing security update 5005618 or cumulative update 5005606. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36962, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38625, CVE-2021-38626, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005618: Windows Server 2008 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005606.NASL", "href": "https://www.tenable.com/plugins/nessus/153386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153386);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36959\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-38625\",\n \"CVE-2021-38626\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005606\");\n script_xref(name:\"MSKB\", value:\"5005618\");\n script_xref(name:\"MSFT\", value:\"MS21-5005606\");\n script_xref(name:\"MSFT\", value:\"MS21-5005618\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005618: Windows Server 2008 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005618\nor cumulative update 5005606. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36962, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38625, CVE-2021-38626,\n CVE-2021-38628, CVE-2021-38633, CVE-2021-38638,\n CVE-2021-38639, CVE-2021-38667, CVE-2021-38671,\n CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005606-monthly-rollup-e6cb2ae9-f688-4f8b-b742-43b03b791d6d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16fe7ded\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005618-security-only-update-08a80048-babc-41ce-8b4b-cfd10c7c0dda\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32ea9fe0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005618 or Cumulative Update KB5005606.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005606', '5005618');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005606, 5005618])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005627 or cumulative update 5005613. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005613.NASL", "href": "https://www.tenable.com/plugins/nessus/153375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153375);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005613\");\n script_xref(name:\"MSKB\", value:\"5005627\");\n script_xref(name:\"MSFT\", value:\"MS21-5005613\");\n script_xref(name:\"MSFT\", value:\"MS21-5005627\");\n\n script_name(english:\"KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005627\nor cumulative update 5005613. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005627-security-only-update-3404d598-7d6e-4007-93e8-49438460791f\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74eba5d\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005613-monthly-rollup-47b217aa-8d33-4b29-b444-77fcbe57410b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f099b11d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005627 or Cumulative Update KB5005613.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005627', '5005613');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005627, 5005613])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:59", "description": "The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005633.NASL", "href": "https://www.tenable.com/plugins/nessus/153379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-36969\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005615\");\n script_xref(name:\"MSKB\", value:\"5005633\");\n script_xref(name:\"MSFT\", value:\"MS21-5005615\");\n script_xref(name:\"MSFT\", value:\"MS21-5005633\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005615\nor cumulative update 5005633. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-38629, CVE-2021-38635,\n CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005615-security-only-update-78aa3b33-a4d9-49ad-bb28-1394943a3d7b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?deeac612\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005633-monthly-rollup-cc6f560a-86da-4540-8bb1-df118fa45eb8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1c2d7a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005615 or Cumulative Update KB5005633.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005615', '5005633');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005615, 5005633])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005607 or cumulative update 5005623. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005607: Windows Server 2012 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005623.NASL", "href": "https://www.tenable.com/plugins/nessus/153384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153384);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005607\");\n script_xref(name:\"MSKB\", value:\"5005623\");\n script_xref(name:\"MSFT\", value:\"MS21-5005607\");\n script_xref(name:\"MSFT\", value:\"MS21-5005623\");\n\n script_name(english:\"KB5005607: Windows Server 2012 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005607\nor cumulative update 5005623. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38633,\n CVE-2021-38638, CVE-2021-38639, CVE-2021-38667,\n CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005607-security-only-update-f2cb16bb-7282-4f2e-a43e-50c4163c877c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e96fa374\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005623-monthly-rollup-bcdb6598-517e-4d53-aa7c-dd7fcfdca204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?adb97de7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005607 or Cumulative Update KB5005623.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005607', '5005623');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005607, 5005623])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:50", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-38650)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38646, CVE-2021-38655, CVE-2021-38658, CVE-2021-38659, CVE-2021-38660)\n\n - An information disclosure vulnerability in the graphics component. An attacker can exploit this to disclose sensitive information. (CVE-2021-38657)", "cvss3": {}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products C2R (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38646", "CVE-2021-38650", "CVE-2021-38655", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS21_SEP_OFFICE_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/162054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162054);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-38646\",\n \"CVE-2021-38650\",\n \"CVE-2021-38655\",\n \"CVE-2021-38657\",\n \"CVE-2021-38658\",\n \"CVE-2021-38659\",\n \"CVE-2021-38660\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0428-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0425-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Security Updates for Microsoft Office Products C2R (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the\n privileges of another user. (CVE-2021-38650)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-38646, CVE-2021-38655, CVE-2021-38658, CVE-2021-38659,\n CVE-2021-38660)\n\n - An information disclosure vulnerability in the graphics component. An attacker can exploit this to\n disclose sensitive information. (CVE-2021-38657)\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS21-09';\n\nvar app_info = vcf::microsoft::office::get_app_info(app:'Microsoft Office');\n\nvar constraints = [\n \n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13801.20960','channel': 'Deferred','channel_version': '2102'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13127.21766','channel': 'Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.12527.22032','channel': 'Microsoft 365 Apps on Windows 7'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14228.20324','channel': 'Enterprise Deferred','channel_version': '2107'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14131.20384','channel': 'Enterprise Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14326.20404','channel': 'First Release for Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14326.20404','channel': '2016 Retail'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14326.20404','channel': 'Current'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.14326.20404','channel': '2019 Retail'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.10378.20029','channel': '2019 Volume'}\n];\n\nvcf::microsoft::office::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n bulletin:bulletin,\n subproduct:'Office'\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:51", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-38650)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38646, CVE-2021-38655, CVE-2021-38658, CVE-2021-38659, CVE-2021-38660)\n\n - An information disclosure vulnerability in the graphics component. An attacker can exploit this to disclose sensitive information. (CVE-2021-38657)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38646", "CVE-2021-38650", "CVE-2021-38655", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS21_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/153387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153387);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-38646\",\n \"CVE-2021-38650\",\n \"CVE-2021-38655\",\n \"CVE-2021-38657\",\n \"CVE-2021-38658\",\n \"CVE-2021-38659\",\n \"CVE-2021-38660\"\n );\n script_xref(name:\"MSKB\", value:\"4484103\");\n script_xref(name:\"MSKB\", value:\"4484108\");\n script_xref(name:\"MSKB\", value:\"5001958\");\n script_xref(name:\"MSKB\", value:\"5001997\");\n script_xref(name:\"MSKB\", value:\"5002005\");\n script_xref(name:\"MSKB\", value:\"5002007\");\n script_xref(name:\"MSFT\", value:\"MS21-4484103\");\n script_xref(name:\"MSFT\", value:\"MS21-4484108\");\n script_xref(name:\"MSFT\", value:\"MS21-5001958\");\n script_xref(name:\"MSFT\", value:\"MS21-5001997\");\n script_xref(name:\"MSFT\", value:\"MS21-5002005\");\n script_xref(name:\"MSFT\", value:\"MS21-5002007\");\n script_xref(name:\"IAVA\", value:\"2021-A-0428-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0425-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the\n privileges of another user. (CVE-2021-38650)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-38646, CVE-2021-38655, CVE-2021-38658, CVE-2021-38659,\n CVE-2021-38660)\n\n - An information disclosure vulnerability in the graphics component. An attacker can exploit this to\n disclose sensitive information. (CVE-2021-38657)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2013-september-14-2021-kb5001958-8e7f4884-60d9-4af7-b1aa-3711ba83e697\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e88251c\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-september-14-2021-kb4484103-de2570a1-0fb2-a619-4930-f8836f4ebca2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9165ee58\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-september-14-2021-kb5002005-f9134f02-9c98-41c3-ae31-eaf3f89bc02a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb69974a\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2013-september-14-2021-kb5002007-d50c1e46-7854-48ab-8695-4cb244c23a0d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?babcfa70\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-september-14-2021-kb5001997-7ee3aeb4-230a-4002-9b50-2099a690e66c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3116725f\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2013-september-14-2021-kb4484108-c0eccc0b-46e5-6a39-ef33-2b88657e1bf5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e7bac28\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42ab6861\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4484103\n -KB4484108\n -KB5001958\n -KB5001997\n -KB5002005\n -KB5002007\n\nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar kbs = make_list(\n '5001958',\n '5001997',\n '5002007',\n '5002005',\n '4484108',\n '4484103'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar vuln = FALSE;\nvar port = kb_smb_transport();\n\nvar office_vers = hotfix_check_office_version();\n\nvar office_sp, prod, path, kb, file, version;\n\n# Office 2013 SP1\nif (office_vers['15.0'])\n{\n office_sp = get_kb_item('SMB/Office/2013/SP');\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = 'Microsoft Office 2013 SP1';\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '5001958';\n file = 'acecore.dll';\n version = '15.0.5349.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '5002007';\n file = 'mso.dll';\n version = '15.0.5381.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n \n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '4484108';\n file = 'osfproxy.dll';\n version = '15.0.5381.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n }\n}\n\n# Office 2016\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = 'Microsoft Office 2016';\n \n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n\n # MSI acecore.dll\n if (hotfix_check_fversion(file:'acecore.dll', version:'16.0.5164.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5001997', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n\n # MSI mso.dll\n if (hotfix_check_fversion(file:'mso.dll', version:'16.0.5215.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5002005', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office16');\n\n # MSI osfproxy.dll\n if (hotfix_check_fversion(file:'osfproxy.dll', version:'16.0.5215.1000', channel:'MSI', channel_product:'Office', path:path, kb:'4484103', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:40", "description": "The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153474", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153474);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Azure Open Management Infrastructure server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore,\naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/Microsoft/omi/releases/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Azure Open Management Infrastructure version 1.6.8.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_omi_nix_installed.nbin\");\n script_require_keys(\"installed_sw/omi\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvcf::add_separator('-'); # used in parsing version for vcf\napp_info = vcf::combined_get_app_info(app:'omi');\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'fixed_version' : '1.6.8.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:52", "description": "The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "OMI_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153475", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153475);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to\n1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/microsoft/omi/releases\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to version 1.6.8-1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('debian_package.inc');\ninclude('ubuntu.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar rpm_flag = 0;\n# CentOS Linux\nif (rpm_check(release:'CentOS-7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'CentOS-8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Red Hat Enterprise Linux\nif (rpm_check(release:'RHEL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'RHEL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Oracle Enterprise Linux\nif (rpm_check(release:'EL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'EL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Amazon Linux\nif (rpm_check(release:'ALA', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'AL2', reference:'omi-1.6.8-1')) rpm_flag++;\n# Fedora Core\nif (rpm_check(release:'FC33', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'FC34', reference:'omi-1.6.8-1')) rpm_flag++;\n# NewStart CGSL\nif (rpm_check(release:'ZTE CGSL MAIN 4.06', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 6.02', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL CORE 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\n# Scientifix Linux\nif (rpm_check(release:'SL6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SL7', reference:'omi-1.6.8-1')) rpm_flag++;\n# OpenSUSE\nif (rpm_check(release:'SUSE15.2', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SUSE15.3', reference:'omi-1.6.8-1')) rpm_flag++;\n# Virtuozzo\nif (rpm_check(release:'Virtuozzo-6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'Virtuozzo-7', reference:'omi-1.6.8-1')) rpm_flag++;\n\nvar deb_flag = 0;\n# Debian Linux\nif (deb_check(release:'8.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'9.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'10.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'11.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\n\nvar ubuntu_flag = 0;\n# Ubuntu Linux\nif (ubuntu_check(osver:'14.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'16.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'18.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'20.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'21.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\n\nif (rpm_flag || deb_flag || ubuntu_flag)\n{\n var extra;\n\n if (rpm_flag)\n extra = rpm_report_get();\n else if (deb_flag)\n extra = deb_report_get();\n else if (ubuntu_flag)\n extra = ubuntu_report_get();\n\n security_report_v4(\n port: 0,\n severity: SECURITY_HOLE,\n extra: extra\n );\n exit(0);\n}\nelse\n audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:04", "description": "The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities:\n\n - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The system is vulnerable to LPE during the installation it creates a directory with write access to all users. (CVE-2021-26434)\n\n - A code execution vulnerability exists in Visual Studio due to incorrect memory handling. An unauthenticated, local attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2021-36952) \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-16T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26434", "CVE-2021-36952"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/153428", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153428);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2021-26434\", \"CVE-2021-36952\");\n script_xref(name:\"IAVA\", value:\"2021-A-0430-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple\nvulnerabilities:\n\n - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++\n and selecting the Unreal Engine Installer workload. The system is vulnerable to LPE during the installation \n it creates a directory with write access to all users. (CVE-2021-26434)\n\n - A code execution vulnerability exists in Visual Studio due to incorrect memory handling. An unauthenticated, \n local attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2021-36952) \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.11.3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1db01a4c\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9#16.9.11\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c03ca82f\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae9fc5ee\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.26\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee4d9587\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e51fa707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 15.9.39 for Visual Studio 2017\n - Update 16.4.26 for Visual Studio 2019\n - Update 16.7.19 for Visual Studio 2019\n - Update 16.9.11 for Visual Studio 2019\n - Update 16.11.3 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26434\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Visual Studio\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\ninclude('vcf_extras_visual_studio.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::visual_studio::get_app_info();\n\nvar constraints = [\n {'product': '2017', 'fixed_version': '15.9.28307.1684'},\n {'product': '2019', 'min_version': '16.0', 'fixed_version': '16.4.31709.291'},\n {'product': '2019', 'min_version': '16.5', 'fixed_version': '16.7.31701.349'},\n {'product': '2019', 'min_version': '16.8', 'fixed_version': '16.9.31702.126'},\n {'product': '2019', 'min_version': '16.10', 'fixed_version': '16.11.31702.278'}\n];\n\nvcf::visual_studio::check_version_and_report(\n app_info: app_info, \n constraints: constraints, \n severity: SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:03", "description": "The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. It is, therefore, affected by multiple Server Spoofing Vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft SharePoint Server 2013 (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server"], "id": "SMB_NT_MS21_SEP_OFFICE_SHAREPOINT_2013.NASL", "href": "https://www.tenable.com/plugins/nessus/153388", "sourceData": "#%NASL_MIN_LEVEL 70300\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153388);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-38651\", \"CVE-2021-38652\");\n script_xref(name:\"MSKB\", value:\"5002024\");\n script_xref(name:\"MSFT\", value:\"MS21-5002024\");\n script_xref(name:\"IAVA\", value:\"2021-A-0424-S\");\n\n script_name(english:\"Security Updates for Microsoft SharePoint Server 2013 (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft SharePoint Server 2013 installation on the remote host is affected by multiple server spoofing vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft SharePoint Server 2013 installation on the remote host is missing security updates. \nIt is, therefore, affected by multiple Server Spoofing Vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5002024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5002024\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar app_name = 'Microsoft SharePoint Server';\nvar kbs = make_list('5002024');\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\n# Get path information for Windows.\nvar windir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, 'Failed to determine the location of %windir%.');\n\nregistry_init();\n\nvar install = get_single_install(app_name:app_name);\n\nvar kb_checks =\n{\n '2013':\n { '1':\n {'Foundation':\n [{\n 'kb' : '5002024',\n 'path' : hotfix_get_commonfilesdir(),\n 'append' : 'microsoft shared\\\\web server extensions\\\\15\\\\bin',\n 'file' : 'onetutil.dll',\n 'version' : '15.0.5381.1000',\n 'product_name' : 'Microsoft SharePoint Foundation Server 2013 SP1'\n }]\n }\n }\n};\n\n# Get the specific product / path\nvar param_list = kb_checks[install['Product']][install['SP']][install['Edition']];\n# audit if not affected\nif(isnull(param_list)) audit(AUDIT_HOST_NOT, 'affected');\nvar port = kb_smb_transport();\n# grab the path otherwise\nforeach var check (param_list)\n{\n if (!isnull(check['version']))\n {\n var path = check['path'];\n if (!empty_or_null(check['append']))\n path = hotfix_append_path(path:check['path'], value:check['append']);\n are_we_vuln = hotfix_check_fversion(\n file:check['file'],\n version:check['version'],\n path:path,\n kb:check['kb'],\n product:check['product_name']\n );\n }\n else\n {\n var report = '\\n';\n if (check['product_name'])\n report += ' Product : ' + check['product_name'] + '\\n';\n if (check['kb'])\n report += ' KB : ' + check['kb'] + '\\n';\n hotfix_add_report(report, kb:check['kb']);\n }\n\n if(are_we_vuln == HCF_OLDER) vuln = TRUE;\n\n}\nif (vuln)\n{\n port = kb_smb_transport();\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_note();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_INST_VER_NOT_VULN, app_name);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:04", "description": "The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple Server Spoofing Vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Sharepoint 2016 (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server"], "id": "SMB_NT_MS21_SEP_OFFICE_SHAREPOINT_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/153378", "sourceData": "#%NASL_MIN_LEVEL 70300\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-38651\", \"CVE-2021-38652\");\n script_xref(name:\"MSKB\", value:\"5002020\");\n script_xref(name:\"MSFT\", value:\"MS21-5002020\");\n script_xref(name:\"IAVA\", value:\"2021-A-0424-S\");\n\n script_name(english:\"Security Updates for Microsoft Sharepoint 2016 (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft SharePoint Server 2016 installation on the remote host is affected by multiple server spoofing vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. \nIt is, therefore, affected by multiple Server Spoofing Vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5002020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address these issues: \n -KB5002020\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar app_name = 'Microsoft SharePoint Server';\nvar kbs = make_list(\n '5002020'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\n# Get path information for Windows.\nvar windir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, 'Failed to determine the location of %windir%.');\n\nregistry_init();\nvar install = get_single_install(app_name:app_name);\nvar kb_checks =\n{\n '2016':\n { '0':\n {'Server':\n [\n {\n 'kb' : '5002020',\n 'path' : hotfix_get_commonfilesdir(),\n 'append' : 'microsoft shared\\\\web server extensions\\\\16\\\\bin',\n 'file' : 'onetutil.dll',\n 'version' : '16.0.5215.1000',\n 'product_name' : 'Microsoft SharePoint Enterprise Server 2016'\n }\n ]\n }\n }\n};\n\n# Get the specific product / path\nvar param_list = kb_checks[install['Product']][install['SP']][install['Edition']];\n# audit if not affected\nif(isnull(param_list)) audit(AUDIT_HOST_NOT, 'affected');\nvar port = kb_smb_transport();\n# grab the path otherwise\nvar check;\nforeach var check (param_list)\n{\n if (!isnull(check['version']))\n {\n var path = check['path'];\n if (!empty_or_null(check['append']))\n path = hotfix_append_path(path:check['path'], value:check['append']);\n are_we_vuln = hotfix_check_fversion(\n file:check['file'],\n version:check['version'],\n path:path,\n kb:check['kb'],\n product:check['product_name']\n );\n }\n else\n {\n var report = '\\n';\n if (check['product_name'])\n report += ' Product : ' + check['product_name'] + '\\n';\n if (check['kb'])\n report += ' KB : ' + check['kb'] + '\\n';\n hotfix_add_report(report, kb:check['kb']);\n }\n\n if(are_we_vuln == HCF_OLDER) vuln = TRUE;\n\n}\nif (vuln)\n{\n port = kb_smb_transport();\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_note();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_INST_VER_NOT_VULN, app_name);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:02", "description": "The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38655, CVE-2021-38660)", "cvss3": {}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Excel Products C2R (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38655", "CVE-2021-38660"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS21_SEP_EXCEL_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/162103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162103);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2021-38655\", \"CVE-2021-38660\");\n script_xref(name:\"IAVA\", value:\"2021-A-0425-S\");\n\n script_name(english:\"Security Updates for Microsoft Excel Products C2R (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-38655,\n CVE-2021-38660)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS21-09';\n\nvar constraints = [\n {'fixed_version':'16.0.13801.20960','channel': 'Deferred','channel_version': '2102'},\n {'fixed_version':'16.0.13127.21766','channel': 'Deferred'},\n {'fixed_version':'16.0.12527.22032','channel': 'Microsoft 365 Apps on Windows 7'},\n {'fixed_version':'16.0.14228.20324','channel': 'Enterprise Deferred','channel_version': '2107'},\n {'fixed_version':'16.0.14131.20384','channel': 'Enterprise Deferred'},\n {'fixed_version':'16.0.14326.20404','channel': 'First Release for Deferred'},\n {'fixed_version':'16.0.14326.20404','channel': '2016 Retail'},\n {'fixed_version':'16.0.14326.20404','channel': 'Current'},\n {'fixed_version':'16.0.10378.20029','channel': '2019 Volume'},\n {'fixed_version':'16.0.14326.20404','channel': '2019 Retail'}\n];\n\nvcf::microsoft::office_product::check_version_and_report(\n constraints:constraints,\n severity:SECURITY_WARNING,\n bulletin:bulletin,\n subproduct:'Excel'\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:52", "description": "The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38655, CVE-2021-38660)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Excel Products (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38655", "CVE-2021-38660"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS21_SEP_EXCEL.NASL", "href": "https://www.tenable.com/plugins/nessus/153380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153380);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\"CVE-2021-38655\", \"CVE-2021-38660\");\n script_xref(name:\"MSKB\", value:\"5002003\");\n script_xref(name:\"MSKB\", value:\"5002014\");\n script_xref(name:\"MSFT\", value:\"MS21-5002003\");\n script_xref(name:\"MSFT\", value:\"MS21-5002014\");\n script_xref(name:\"IAVA\", value:\"2021-A-0425-S\");\n\n script_name(english:\"Security Updates for Microsoft Excel Products (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-38655,\n CVE-2021-38660)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-excel-2016-september-14-2021-kb5002003-09ace75e-e6ca-4ad7-8917-86b2daebff09\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c21830db\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-excel-2013-september-14-2021-kb5002014-fcbb4d6b-4aae-407c-923f-d235d6abc95a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca14a662\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42ab6861\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5002003\n -KB5002014\n\nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar kbs = make_list(\n '5002003',\n '5002014'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\nvar checks = make_array(\n '15.0', make_array('sp', 1, 'version', '15.0.5381.1000', 'kb', '5002014'),\n '16.0', make_nested_list(\n make_array('sp', 0, 'version', '16.0.5215.1000', 'channel', 'MSI', 'kb', '5002003')\n )\n);\n\nif (hotfix_check_office_product(product:'Excel', checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:28", "description": "The Microsoft Office product installed on the remote host is affected by multiple vulnerabilities, as follows:\n\n - A spoofing vulnerability in Microsoft Office that can be exploited by a remote, low privileged attacker.\n (CVE-2021-38650)\n\n - A remote code execution vulnerability in Microsoft Excel that can be exploited by a local, unprivileged attacker. (CVE-2021-38655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-15T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office (September 2021) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38650", "CVE-2021-38655"], "modified": "2021-10-14T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:excel"], "id": "MACOS_MS21_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/153397", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/14\");\n\n script_cve_id(\"CVE-2021-38650\", \"CVE-2021-38655\");\n script_xref(name:\"IAVA\", value:\"2021-A-0428-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0425-S\");\n\n script_name(english:\"Security Updates for Microsoft Office (September 2021) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office product installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office product installed on the remote host is affected by multiple vulnerabilities, as follows:\n\n - A spoofing vulnerability in Microsoft Office that can be exploited by a remote, low privileged attacker.\n (CVE-2021-38650)\n\n - A remote code execution vulnerability in Microsoft Excel that can be exploited by a local, unprivileged\n attacker. (CVE-2021-38655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#september-14-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?147ff8bb\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-for-mac#september-14-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3592c47c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\", \"installed_sw/Microsoft Excel\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar os = get_kb_item_or_exit('Host/MacOSX/Version');\nvar apps = make_list('Microsoft Excel');\nvar report = '';\n\n#2019\nvar min_ver_19 = '16.17.0';\nvar fix_ver_19 = '16.53';\nvar fix_disp_19 = '16.53 (21091200)';\n\nforeach var app (apps)\n{\n var installs = get_installs(app_name:app);\n if (isnull(installs[1]))\n continue;\n\n foreach var install (installs[1])\n {\n var version = install['version'];\n\n if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)\n {\n var app_label = app + ' for Mac 2019';\n report +=\n '\\n\\n Product : ' + app_label +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix_disp_19;\n }\n }\n}\nif (empty(report))\n audit(AUDIT_HOST_NOT, 'affected');\n\nif (os =~ \"^Mac OS X 10\\.([0-9]([^0-9]|$)|1[0-3])\")\n report += '\\n Note : Update will require Mac OS X 10.14.0 or later.\\n';\n\nsecurity_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:39", "description": "The Windows 'MPEG-2 Video Extension' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Microsoft Windows MPEG-2 Video Extension RCE (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38644"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_MPEG2.NASL", "href": "https://www.tenable.com/plugins/nessus/153382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153382);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-38644\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n\n script_name(english:\"Microsoft Windows MPEG-2 Video Extension RCE (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows 'MPEG-2 Video Extension' app installed on the remote host is affected by a remote code execution\nvulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38644\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to app version 1.0.42152 or later via the Microsoft Store.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38644\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"wmi_enum_windows_app_store.nbin\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"WMI/Windows App Store/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar apps = ['Microsoft.MPEG2VideoExtension'];\n\nvar app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.0.42152.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:38", "description": "The Microsoft Dynamics 365 (on-premises) is missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2021-40440)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Dynamics 365 (on-premises) (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40440"], "modified": "2022-11-28T00:00:00", "cpe": ["cpe:/a:microsoft:dynamics_365"], "id": "SMB_NT_MS21_SEP_MICROSOFT_DYNAMICS_365_BC.NASL", "href": "https://www.tenable.com/plugins/nessus/153385", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153385);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\"CVE-2021-40440\");\n script_xref(name:\"MSKB\", value:\"5006075\");\n script_xref(name:\"MSKB\", value:\"5006076\");\n script_xref(name:\"MSFT\", value:\"MS21-5006075\");\n script_xref(name:\"MSFT\", value:\"MS21-5006076\");\n script_xref(name:\"IAVA\", value:\"2021-A-0427-S\");\n\n script_name(english:\"Security Updates for Microsoft Dynamics 365 (on-premises) (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Dynamics 365 (on-premises) is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Dynamics 365 (on-premises) is missing a\nsecurity update. It is, therefore, affected by the following\nvulnerability:\n\n - A cross-site scripting (XSS) vulnerability exists due to\n improper validation of user-supplied input before\n returning it to users. An attacker can exploit this by\n convincing a user to click a specially crafted URL, to\n execute arbitrary script code in a user's browser\n session. (CVE-2021-40440)\");\n # https://support.microsoft.com/en-us/topic/update-17-10-for-microsoft-dynamics-365-business-central-2020-release-wave-2-application-build-17-10-29463-platform-build-17-0-29460-september-14-2021-kb5006075-f24a085e-9dea-4ee5-a48d-87882107a19e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d76e3f35\");\n # https://support.microsoft.com/en-us/topic/update-18-5-for-microsoft-dynamics-365-business-central-2021-release-wave-1-application-build-18-5-29545-platform-build-18-0-29486-september-14-2021-kb5006076-ed5b4986-6955-45b8-8037-ddedf3e5bff0\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe9bcee0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5006075\n -KB5006076\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-40440\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:dynamics_365\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dynamics_365_business_central_server_win_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Dynamics 365 Business Central Server\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = 'Microsoft Dynamics 365 Business Central Server';\n\nvar app_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nvar constraints = [\n { 'min_version' : '17.0', 'fixed_version' : '17.0.29460.0', 'fixed_display' : 'Update 17.10 for Microsoft Dynamics 365 Business Central 2020 Release Wave 2' },\n { 'min_version' : '18.0', 'fixed_version' : '18.0.29486.0', 'fixed_display' : 'Update 18.5 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_NOTE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:19", "description": "The Windows 'HEVC Video Extensions' or 'HEVC from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Microsoft Windows Codecs Library RCE (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38661"], "modified": "2021-09-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_HEVC.NASL", "href": "https://www.tenable.com/plugins/nessus/153376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153376);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/20\");\n\n script_cve_id(\"CVE-2021-38661\");\n\n script_name(english:\"Microsoft Windows Codecs Library RCE (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows 'HEVC Video Extensions' or 'HEVC from Device Manufacturer' app\ninstalled on the remote host is affected by a remote code execution\nvulnerability. An attacker who successfully exploited the\nvulnerability could execute arbitrary code. Exploitation of the\nvulnerability requires that a program process a specially crafted file.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to app version 1.0.42091.0, 1.0.42094.0, or later via the Microsoft Store.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"wmi_enum_windows_app_store.nbin\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"WMI/Windows App Store/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n# Thanks to MS for two nearly identical package identity names:\n# Microsoft.HEVCVideoExtension - HEVC Video Extensions from Device Manufacturer\n# Microsoft.HEVCVideoExtensions - HEVC Video Extensions\nvar apps = ['Microsoft.HEVCVideoExtension', 'Microsoft.HEVCVideoExtensions'];\n\nvar app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.0.42091.0', 'fixed_display' : '1.0.42091.0 / 1.0.42094.0'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "adobe": [{"lastseen": "2023-05-23T15:57:04", "description": "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](), [important]() and [moderate]() vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T00:00:00", "type": "adobe", "title": "APSB21-55 Security update available for Adobe Acrobat and Reader", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35982", "CVE-2021-39836", "CVE-2021-39837", "CVE-2021-39838", "CVE-2021-39839", "CVE-2021-39840", "CVE-2021-39841", "CVE-2021-39842", "CVE-2021-39843", "CVE-2021-39844", "CVE-2021-39845", "CVE-2021-39846", "CVE-2021-39849", "CVE-2021-39850", "CVE-2021-39851", "CVE-2021-39852", "CVE-2021-39853", "CVE-2021-39854", "CVE-2021-39855", "CVE-2021-39856", "CVE-2021-39857", "CVE-2021-39858", "CVE-2021-39859", "CVE-2021-39860", "CVE-2021-39861", "CVE-2021-39863", "CVE-2021-40725", "CVE-2021-40726"], "modified": "2021-09-09T00:00:00", "id": "APSB21-55", "href": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:18", "description": "[![](https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg)](<https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nA day after [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) and [Google](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) rolled out urgent security updates, Microsoft has [pushed software fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep>) as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an [actively exploited zero-day](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) in its MSHTML Platform that came to light last week. \n\nOf the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the [20 vulnerabilities](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month.\n\nThe most important of the updates concerns a patch for [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting \"the exploit uses logical flaws so the exploitation is perfectly reliable.\"\n\nAlso addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>), the elevation of privilege vulnerability is rated 7.8 in severity.\n\nOther flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure ([CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>)), Windows WLAN AutoConfig Service ([CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>)), Office ([CVE-2021-38659](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659>)), Visual Studio ([CVE-2021-36952](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952>)), and Word ([CVE-2021-38656](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656>)) as well as a memory corruption flaw in Windows Scripting Engine ([CVE-2021-26435](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26435>))\n\nWhat's more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671>), and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447>)), while [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975>) and [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639>) (CVSS scores: 7.8), both of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as 'exploitation more likely,' making it imperative that users move quickly to apply the security updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-09-01>)\n * [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-September/thread.html>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T05:00:00", "type": "thn", "title": "Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36952", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38656", "CVE-2021-38659", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2021-09-15T05:00:22", "id": "THN:67ECC712AB360F5A56F2434CDBF6B51F", "href": "https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:18", "description": "[![Azure Linux VMs](https://thehackernews.com/images/-s5Iv1JAWb9E/YUI9Ecx55CI/AAAAAAAADzc/GZ8B73768Pk8g0hW4maN8O-IOSq9arQIQCLcBGAsYHQ/s728-e1000/azure.gif)](<https://thehackernews.com/images/-s5Iv1JAWb9E/YUI9Ecx55CI/AAAAAAAADzc/GZ8B73768Pk8g0hW4maN8O-IOSq9arQIQCLcBGAsYHQ/s0/azure.gif>)\n\nMicrosoft on Tuesday addressed a quartet of security flaws as part of its [Patch Tuesday updates](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems.\n\nThe list of flaws, collectively called **OMIGOD** by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services -\n\n * [**CVE-2021-38647**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) (CVSS score: 9.8) - Open Management Infrastructure Remote Code Execution Vulnerability\n * [**CVE-2021-38648**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>) (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability\n * [**CVE-2021-38645**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability\n * [**CVE-2021-38649**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) (CVSS score: 7.0) - Open Management Infrastructure Elevation of Privilege Vulnerability\n\nOpen Management Infrastructure ([OMI](<https://github.com/microsoft/omi>)) is an open-source [analogous equivalent](<https://cloudblogs.microsoft.com/windowsserver/2012/06/28/open-management-infrastructure/>) of Windows Management Infrastructure (WMI) but designed for Linux and UNIX systems such as CentOS, Debian, Oracle Linux, Red Hat Enterprise Linux Server, SUSE Linux, and Ubuntu that allows for monitoring, inventory management, and syncing configurations across IT environments.\n\nAzure customers on Linux machines, including users of Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics, are at risk of potential exploitation.\n\n\"When users enable any of these popular services, OMI is silently installed on their virtual machine, running at the highest privileges possible,\" Wiz security researcher Nir Ohfeld [said](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>). \"This happens without customers' explicit consent or knowledge. Users simply click agree to log collection during set-up and they have unknowingly opted in.\"\n\n\"In addition to Azure cloud customers, other Microsoft customers are affected since OMI can be independently installed on any Linux machine and is frequently used on-premise,\" Ohfeld added.\n\nSince the OMI agent runs as root with the highest privileges, the aforementioned vulnerabilities could be abused by external actors or low-privileged users to remotely execute code on target machines and escalate privileges, thereby enabling the threat actors to take advantage of the elevated permissions to mount sophisticated attacks.\n\n[![Azure Linux VMs](https://thehackernews.com/images/-T0XmM7RcIvQ/YUI8jF03JfI/AAAAAAAADzU/AYwbK2Xv1cAtn6q-McPGNwxtZbKSWYYIwCLcBGAsYHQ/s728-e1000/hack-1.gif)](<https://thehackernews.com/images/-T0XmM7RcIvQ/YUI8jF03JfI/AAAAAAAADzU/AYwbK2Xv1cAtn6q-McPGNwxtZbKSWYYIwCLcBGAsYHQ/s0/hack-1.gif>)\n\nThe most critical of the four flaws is a remote code execution flaw arising out of an internet-exposed HTTPS port like 5986, 5985, or 1270, allowing attackers to obtain initial access to a target Azure environment and subsequently move laterally within the network.\n\n\"This is a textbook RCE vulnerability that you would expect to see in the 90's \u2013 it's highly unusual to have one crop up in 2021 that can expose millions of endpoints,\" Ohfeld said. \"With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It's that simple.\"\n\n\"OMI is just one example of a 'secret' software agent that's pre-installed and silently deployed in cloud environments. It's important to note that these agents exist not just in Azure but in [Amazon Web Services] and [Google Cloud Platform] as well.\"\n\n**_Update:_** Microsoft on Thursday published additional guidance for the [OMIGOD vulnerabilities](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), urging customers to apply the updates manually as and when they become available per the schedule outlined [here](<https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/>). The security issues impact all versions of OMI below [1.6.8-1](<https://github.com/microsoft/omi/releases/tag/v1.6.8-1>).\n\n\"Several Azure Virtual Machine (VM) management extensions use [the OMI] framework to orchestrate configuration management and log collection on Linux VMs,\" Microsoft Security Response Center said in a bulletin. \"The remote code execution vulnerability only impacts customers using a Linux management solution (on-premises SCOM or Azure Automation State Configuration or Azure Desired State Configuration extension) that enables remote OMI management.\"\n\nThe development comes as Bad Packets [reported](<https://twitter.com/bad_packets/status/1438753415106994179>) [mass scanning](<https://www.greynoise.io/viz/query/?gnql=cve%3ACVE-2021-38647>) of Azure Linux-based servers vulnerable to the remote code execution flaw in an attempt to hijack vulnerable systems and mount further attacks, which, in turn, have been fueled by the [public release](<https://twitter.com/GossiTheDog/status/1438604418212114440>) of a proof-of-concept (PoC) exploit.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T18:36:00", "type": "thn", "title": "Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-17T19:17:45", "id": "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "href": "https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-09-16T18:44:44", "description": "In [September\u2019s Patch Tuesday](<https://msrc.microsoft.com/update-guide/vulnerability>) crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which \u2013 the Windows MSHTML zero-day \u2013 has been under active attack for nearly two weeks.\n\nOne other bug is listed as publicly known but isn\u2019t (yet) being exploited. Immersive Labs\u2019 Kevin Breen, director of cyber threat research, observed that with only one CVE under active attack in the wild, it\u2019s \u201cquite a light Patch Tuesday\u201d \u2013 at least on the surface, that is.\n\nThe flaws were found in Microsoft Windows and Windows components, Microsoft Edge (Chromium, iOS, and Android), Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS and the Windows Subsystem for Linux.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nOf the 66 new CVEs patched today, three are rated critical, 62 are rated important, and one is rated moderate in severity.\n\nOver the past nine months of 2021, this is the seventh month in which Microsoft patched fewer than 100 CVEs, in stark contrast to 2020, when Redmond spent eight months gushing out more than 100 CVE patches per month. But while the overall number of vulnerabilities is lighter, the severity ratings have ticked up, as the [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) noted.\n\nSome observers pegged the top patching priority in this month\u2019s batch as being a fix for CVE-2021-40444: An important-rated vulnerability in Microsoft\u2019s MSHTML (Trident) engine that rates 8.8 out of 10 on the CVSS scale.\n\nDisclosed on Sept. 7, it\u2019s a painfully throbbing sore thumb, given that researchers developed a number of proof-of-concept (PoC) exploits showing how drop-dead simple it is to exploit, and attackers have been sharing guides on how to do just that.\n\n## Under Active Attack: CVE-2021-40444\n\nIt\u2019s been nearly two weeks since this serious, simple to exploit bug has been under active attack, and it\u2019s been nearly a week since attackers started to share blueprints on how to carry out an exploit.\n\nMicrosoft said last week that the flaw could let an attacker \u201ccraft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,\u201d after which \u201cthe attacker would then have to convince the user to open the malicious document.\u201d Unfortunately, malicious macro attacks continue to be prevalent: In July, for example, legacy users of Microsoft Excel were being targeted in a malware campaign that used a [novel malware-obfuscation technique](<https://threatpost.com/microsoft-office-malware-protection-bypass/167652/>) to disable malicious macro warnings and deliver the ZLoader trojan.\n\nAn attacker would need to convince a user to open a specially crafted Microsoft Office document containing the exploit code.\n\nSatnam Narang, staff research engineer at Tenable, noted via email that there have been warnings that this vulnerability will be incorporated into malware payloads and used to distribute ransomware: A solid reason to put the patch at the top of your priority list.\n\n\u201cThere are no indications that this has happened yet, but with the patch now available, organizations should prioritize updating their systems as soon as possible,\u201d Narang told Threatpost.\n\nLast Wednesday, Sept. 8, [Kevin Beaumont](<https://twitter.com/GossiTheDog/status/1435515875025633282>) \u2013 head of the security operations center for U.K. fashion retailer Arcadia Group and a past senior threat intelligence analyst at Microsoft \u2013 [noted](<https://twitter.com/GossiTheDog/status/1435562870331293706>) that the exploit had been in the wild for about a week or more.\n\nIt got worse: Last Thursday, Sept. 9, threat actors began [sharing exploit how-tos](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/>) and PoCs for the Windows MSHTML zero-day. BleepingComputer gave it a try and found that the guides are \u201csimple to follow and [allow] anyone to create their own working version\u201d of the exploit, \u201cincluding a Python server to distribute the malicious documents and CAB files.\u201d\n\nIt took the publication all of 15 minutes to recreate the exploit.\n\nA week ago, on Tuesday, Sept. 7, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) had [urged mitigations](<https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/>) of the remote-code execution (RCE) flaw, which is found in all modern Windows operating systems.\n\nLast week, the company didn\u2019t say much about the bug in MSHTML, aka Trident, which is the HTML engine built into Windows since Internet Explorer debuted more than 20 years ago and which allows Windows to read and display HTML files.\n\nMicrosoft did say, however, that it was aware of targeted attacks trying to exploit it via specially crafted Microsoft Office documents.\n\nIn spite of there being no security updates available for the vulnerability at that time, MIcrosoft went ahead and disclosed it, along with mitigations meant to help prevent exploitation.\n\n## Mitigations That Don\u2019t Mitigate\n\nTracked as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), the flaw is serious enough that CISA sent its own advisory, alerting users and administrators and recommending that they use the mitigations and workarounds Microsoft recommended \u2013 mitigations that try to prevent exploitation by blocking ActiveX controls and Word/RTF document previews in Windows Explorer.\n\nEmphasis on \u201ctry to:\u201d Unfortunately, those mitigations proved to be less than foolproof, as researchers, including Beaumont, managed to [modify the exploit](<https://twitter.com/GossiTheDog/status/1435570418623070210>) so that it didn\u2019t use ActiveX, [effectively skirting Microsoft\u2019s mitigations](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/>).\n\nThe Zero Day Initiative [said that](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) for now, the most-effective defense is \u201cto apply the patch and avoid Office docs you aren\u2019t expecting to receive.\u201d\n\nBe sure to carefully review and install [all the needed patches](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) for your setup: There\u2019s a long list of updates for specific platforms, and it\u2019s important not to slather on too thin a layer of protection.\n\nCredit for finding this bug goes to Rick Cole of MSTIC; Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, all from Mandiant; and Haifei Li of EXPMON.\n\n## Baddest Bug Award\n\nThe award for baddest bug \u2013 or at least, the one with the highest severity rating, with a CVSS score of 9.8 \u2013 goes to [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>): a critical remote-code execution (RCE) vulnerability in Open Management Infrastructure.\n\n[OMI is an open-source project](<https://github.com/microsoft/omi>) to further the development of a production-quality implementation of the [DMTF CIM/WBEM](<https://www.dmtf.org/standards/cim>) standards.\n\n\u201cThis vulnerability requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending a specially crafted message to an affected system,\u201d the Zero Day Initiatve explained. That makes it high priority: ZDI recommended that OMI users test and deploy this one quickly.\n\n## Yet More PrintNightmare Patches\n\nMicrosoft also patched three elevation of privilege vulnerabilities in Windows Print Spooler ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671>) and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40447>)), all rated important.\n\nThese are the three latest fixes in a steady [stream](<https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/>) of [patches](<https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/>) for flaws in Windows Print Spooler that followed the [disclosure of PrintNightmare](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>) in June. This probably won\u2019t be the last patch in that parade: Tenable\u2019s Narang told Threatpost that \u201cresearchers continue to discover ways to exploit Print Spooler\u201d and that the firm expects \u201ccontinued research in this area.\u201d\n\nOnly one \u2013 CVE-2021-38671 \u2013 of today\u2019s patch trio is rated as \u201cexploitation more likely.\u201d Regardless, organizations should prioritize patching these flaws as \u201cthey are extremely valuable to attackers in post-exploitation scenarios,\u201d Narang observed.\n\n## More \u2018Exploitation More Likely\u2019\n\nImmersive\u2019s Breen told Threatpost that a trio of local privilege-escalation vulnerabilities in the Windows Common Log File System Driver ([CVE-2021-36955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955>), [CVE-2021-36963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963>), [CVE-2021-38633](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633>)) are also noteworthy, all of them being listed as \u201cexploitation more likely.\u201d\n\n\u201cLocal priv-esc vulnerabilities are a key component of almost every successful cyberattack, especially for the likes of ransomware operators who abuse this kind of exploit to gain the highest level of access,\u201d Breen said via email. \u201cThis allows them to disable antivirus, delete backups and ensure their encryptors can reach even the most sensitive of files.\u201d\n\nOne glaring example of that emerged in May, when hundreds of millions of [Dell users were found to be at risk](<https://threatpost.com/dell-kernel-privilege-bugs/165843/>) from kernel-privilege bugs. The bugs lurked undisclosed for 12 years, and could have allowed attackers to bypass security products, execute code and pivot to other parts of the network for lateral movement.\n\nThe three exploits Microsoft patched on Tuesday aren\u2019t remote, meaning that attackers need to have achieved code execution by other means. One such way would be via CVE-2021-40444.\n\nTwo other vulnerabilities \u2013 [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>), both Win32k escalation of privilege flaws \u2013 have also been listed as \u201cexploitation more likely\u201d and, together, cover the full range of supported Windows versions.\n\nBreen said that he\u2019s starting to feel like a broken record when it comes to privilege escalation vulnerabilities. They\u2019re not rated as high a severity risk as RCE bugs, but \u201cthese local exploits can be the linchpin in the post-exploitation phases of an experienced attacker,\u201d he asserted. \u201cIf you can block them here you have the potential to significantly limit their damage.\u201d\n\nhe added, \u201cIf we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching priv-esc vulnerabilities is even more important than patching some other remote code-execution vulns,\u201d Breen said.\n\n## Still, This RCE Is Pretty Important\n\nDanny Kim, a principal architect at Virsec who spent time at Microsoft during his graduate work on the OS security development team, wants security teams to pay attention to [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965>) \u2013 an important-rated Windows WLAN AutoConfig Service RCE vulnerability \u2013 given its combination of severity (with a CVSS:3.0 base score of 8.8); no requirement for privilege escalation/user interaction to exploit; and breadth of affected Windows versions.\n\nThe WLAN AutoConfig Service is part of the mechanism that Windows 10 uses to choose the wireless network a computer will connect to, and to the Windows Scripting Engine, respectively.\n\nThe patch fixes a flaw that could allow network-adjacent attackers to run their code on affected systems at system level.\n\nAs the Zero Day Initiative explained, that means an attacker could \u201ccompletely take over the target \u2013 provided they are on an adjacent network.\u201d That would come in quite handy in a [coffee-shop attack](<https://threatpost.com/microsoft-wi-fi-protection/145053/>), where multiple people use an unsecured Wi-Fi network.\n\nThis one \u201cis especially alarming,\u201d Kim said: Think [SolarWinds](<https://threatpost.com/solarwinds-default-password-access-sales/162327/>) and PrintNightmare.\n\n\u201cAs recent trends have shown, remote code execution-based attacks are the most critical vulnerabilities that can lead to the largest negative impact on an enterprise, as we have seen in the Solarwinds and PrintNightmare attacks,\u201d he said in an email.\n\nKim said that in spite of the exploit code maturity being currently unproven, the vulnerability has been confirmed to exist, leaving an opening for attackers.\n\n\u201cIt specifically relies on the attacker being located in the same network, so it would not be surprising to see this vulnerability used in combination with another CVE/attack to achieve an attacker\u2019s end goal,\u201d he predicted. \u201cRemote code execution attacks can lead to unverified processes running on the server workload, only highlighting the need for constant, deterministic runtime monitoring. Without this protection in place, RCE attacks can lead to a total loss of confidentiality and integrity of an enterprise\u2019s data.\u201d\n\nThe Zero Day Initiative also found this one alarming. Even though it requires proximity to a target, it requires no privileges or user interaction, so \u201cdon\u2019t let the adjacent aspect of this bug diminish the severity,\u201d it said. \u201cDefinitely test and deploy this patch quickly.\u201d\n\n## And Don\u2019t Forget to Patch Chrome\n\nBreen told Threatpost via email that security teams should also pay attention to 25 vulnerabilities patched in Chrome and ported over to Microsoft\u2019s Chromium-based Edge.\n\nBrowsers are, after all, windows into things both private, sensitive and valuable to criminals, he said.\n\n\u201cI cannot underestimate the importance of patching your browsers and keeping them up to date,\u201d he stressed. \u201cAfter all, browsers are the way we interact with the internet and web-based services that contain all sorts of highly sensitive, valuable and private information. Whether you\u2019re thinking about your online banking or the data collected and stored by your organization\u2019s web apps, they could all be exposed by attacks that exploit the browser.\u201d\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on September 22 at 2 PM EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "cvss3": {}, "published": "2021-09-14T20:29:14", "type": "threatpost", "title": "Microsoft Patches Actively Exploited Windows Zero-Day", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38633", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2021-09-14T20:29:14", "id": "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "href": "https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-16T15:56:08", "description": "Four Microsoft zero-day vulnerabilities in the Azure cloud platform\u2019s Open Management Infrastructure (OMI) \u2014 a software that many don\u2019t know is embedded in a host of services \u2014 show that OMI represents a significant security blind spot, researchers said.\n\nCollectively dubbed \u201cOMIGOD\u201d because of the name and the reaction of the researchers who discovered them, the flaws \u2014 which were zero-day when found \u2014 affect thousands of Azure customers and millions of endpoints, according to a [blog post](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) published this week by cloud infrastructure security firm Wiz.\n\nThough Microsoft patched them this week in its [monthly Patch Tuesday](<https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/>) raft of updates, their presence in OMI highlights the risk for the supply chain when companies unknowingly run code \u2014 particularly open-source code \u2014 on their systems that allows for exploitation, researchers said.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nIndeed, recent high-profile supply-chain attacks such as [SolarWinds](<https://threatpost.com/solarwinds-attackers-dhs-emails/165110/>) and [Kaseya](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) demonstrate how much damage can be done when undetected flaws in third-party software that organizations use in larger systems are exploited.\n\n\u201cOne of the biggest challenges in preventing them is that our digital supply chain is not transparent,\u201d senior security researcher Nir Ohfeld wrote in the Wiz post. \u201cIf you don\u2019t know what\u2019s hidden in the services and products you use every day, how can you manage the risk?\n\nIndeed, the OMIGOD vulnerabilities discovered by Ohfeld and his colleagues present a security danger to potentially millions of unsuspecting customers of cloud computing services, he said.\n\n\u201cIn a small sample of Azure tenants we analyzed, over 65 percent [of Azure customers] were unknowingly at risk,\u201d Ohfeld wrote.\n\nThe vulnerabilities that Wiz researchers discovered include one that allows for remote code execution (RCE), [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>). The other three are privilege-escalation vulnerabilities ([CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>), [CVE-2021-38645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) and [CVE-2021-38649)](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) of lower risk but which are critical for a full attack chain.\n\n\u201cUnless a patch is applied, attackers can easily exploit these four vulnerabilities to escalate to root privileges and remotely execute malicious code (for instance, encrypting files for ransom),\u201d Ohfeld said.\n\n## **Hidden Cloud Security Danger in OMI**\n\nOne reason for the significant alarm over the flaws is that they are found in OMI, an agent automatically deployed when customers set up a Linux virtual machine (VM) in their cloud and enable certain Azure services, researchers explained.\n\n\u201cThis happens without customers\u2019 explicit consent or knowledge,\u201d Ohfeld wrote. \u201cUsers simply click \u2018agree\u2019 to log collection during setup, and they have unknowingly opted in.\u201d\n\nOMI is a perilous attack surface because Azure provides \u201cvirtually no public documentation\u201d about it, he said. That means most customers have never heard of it and are unaware that it even exists as an exploitable entity in their deployment.\n\nMoreover, the OMI agent runs as root with the highest privileges, so any user can communicate with it using a UNIX socket or via an HTTP API when configured to allow external access, Ohfeld explained.\n\n\u201cAs a result, the vulnerabilities we found would allow external users or low-privileged users to remotely execute code on target machines or escalate privileges,\u201d he wrote.\n\n## **\u2018Textbook RCE Vulnerability\u201d**\n\n** **[CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), with a 9.8 severity rating, is the most serious of the flaws, allowing for RCE. However, for it to be exploited, the Azure product using OMI would have to be one, such as Configuration Management, that exposes an HTTPS port, or port 5986, for interacting with OMI.\n\n\u201cThat\u2019s what makes RCE possible,\u201d Ohfeld explained. \u201cNote that most Azure services that use OMI deploy it without exposing the HTTPS port.\u201d\n\nCalling the bug \u201ca textbook RCE vulnerability that you would expect to see in the 90s\u201d not in 2021, the flaw can expose millions of endpoints because \u201can attacker could use a single packet to become root on a remote machine by simply removing the authentication header,\u201d Ohfeld wrote.\n\n\u201cThanks to the combination of a simple conditional statement coding mistake and an uninitialized auth struct, any request without an Authorization header has its privileges default to uid=0, gid=0, which is root,\u201d he explained.\n\nIn situations where the OMI ports are accessible to the internet to allow for remote management, threat actors can use the vulnerability co-obtain initial access to a target Azure environment and then move laterally within it, Ohfeld added.\n\n\u201cAn exposed HTTPS port is the holy grail for malicious actors,\u201d he observed. \u201cWith one simple exploit they can get access to new targets, execute commands at the highest privileges and possibly spread to new target machines.\u201d\n\nThe other three flaws\u2014with severity ratings that range from 7.1 to 7.8\u2014can be used as part of attack chains once attackers gain initial low-privileged access to their targets, Ohfeld added.\n\n## **Threat Discovery and Mitigations**\n\nWiz researchers reported the four vulnerabilities to Microsoft through the responsible disclosure process; the company patched them as of Tuesday, researchers said.\n\nUpgrading OMI and thus patch installation happens through the parent Azure service that installed it, they added. \u201cHowever, we urge customers to verify that their environment is indeed patched and they are running the latest version of OMI (Version 1.6.8.1),\u201d Ohfeld wrote.\n\nDifferent Azure services have different port numbers, Microsoft noted in its advisory for CVE-2021-38647. However, for customers who want to check that their Azure Linux Node does not have an exposed port, they should look for the command \u2018_netstat -an | grep <port-number>_\u2018 on most Linux distributions, which will indicate if any processes are listening on an open port, the company said.\n\n**Rule #1 of Linux Security: **No cybersecurity solution is viable if you don\u2019t have the basics down. **[JOIN](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>)** Threatpost and Linux security pros at Uptycs for a LIVE roundtable on the **[4 Golden Rules of Linux Security](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>)**. Your top takeaway will be a Linux roadmap to getting the basics right! **[REGISTER NOW](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>) **and join the **LIVE event on Sept. 29 at Noon EST**. Joining Threatpost is Uptycs\u2019 Ben Montour and Rishi Kant who will spell out Linux security best practices and take your most pressing questions in real time.\n", "cvss3": {}, "published": "2021-09-16T11:37:48", "type": "threatpost", "title": "Azure Zero-Day Bugs Show Lurking Supply-Chain Risk", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-16T11:37:48", "id": "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB", "href": "https://threatpost.com/azure-zero-day-supply-chain/169508/", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2021-09-26T09:00:50", "description": "![Patch Tuesday - September 2021](https://blog.rapid7.com/content/images/2021/09/patches-2.jpg)\n\nMicrosoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here\u2019s three big things you can go patch right now.\n\n### MSHTML Remote Code Execution 0-day ([CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>))\n\nThe hot topic this month is the most recent remote code execution 0-day vulnerability in MSHTML. When it was first discovered it was only being used in a limited number of attacks, however this quickly changed once instructions for exploiting the vulnerability were published online. This vulnerability was severe enough to warrant publishing patches for older operating systems including Windows 7, Windows Server 2008 R2, and Windows Server 2008. Now that updates have been published for this vulnerability they should be applied as soon as possible.\n\n### Windows DNS Local Elevation of Privilege ([CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>))\n\nThis is the second publicly disclosed vulnerability updated this month. While the details surrounding this CVE are sparse, we do know that Microsoft has not detected exploitation in the wild. \n\n### Updates to PrintNightmare ([CVE-2021-1678](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1678>))\n\nMicrosoft has made additional patches available for older operating systems. If you were previously unable to patch against this vulnerability you may want to review this new information.\n\n## Summary Graphs\n\n![Patch Tuesday - September 2021](https://blog.rapid7.com/content/images/2021/09/output_26_1.png)![Patch Tuesday - September 2021](https://blog.rapid7.com/content/images/2021/09/output_25_1.png)![Patch Tuesday - September 2021](https://blog.rapid7.com/content/images/2021/09/output_20_2.png)![Patch Tuesday - September 2021](https://blog.rapid7.com/content/images/2021/09/output_18_2-1.png)\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647>) | Open Management Infrastructure Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-38645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649>) | Open Management Infrastructure Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2021-40448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40448>) | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | No | No | 6.3 | Yes \n[CVE-2021-36956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36956>) | Azure Sphere Information Disclosure Vulnerability | No | No | 4.4 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38642>) | Microsoft Edge for iOS Spoofing Vulnerability | No | No | 6.1 | No \n[CVE-2021-38641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38641>) | Microsoft Edge for Android Spoofing Vulnerability | No | No | 6.1 | No \n[CVE-2021-26439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26439>) | Microsoft Edge for Android Information Disclosure Vulnerability | No | No | 4.6 | No \n[CVE-2021-38669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38669>) | Microsoft Edge (Chromium-based) Tampering Vulnerability | No | No | 6.4 | Yes \n[CVE-2021-26436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26436>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 6.1 | No \n[CVE-2021-36930](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36930>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 5.3 | No \n[CVE-2021-30632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30632>) | Chromium: CVE-2021-30632 Out of bounds write in V8 | No | No | | Yes \n[CVE-2021-30624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30624>) | Chromium: CVE-2021-30624 Use after free in Autofill | No | No | | Yes \n[CVE-2021-30623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30623>) | Chromium: CVE-2021-30623 Use after free in Bookmarks | No | No | | Yes \n[CVE-2021-30622](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30622>) | Chromium: CVE-2021-30622 Use after free in WebApp Installs | No | No | | Yes \n[CVE-2021-30621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30621>) | Chromium: CVE-2021-30621 UI Spoofing in Autofill | No | No | | Yes \n[CVE-2021-30620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30620>) | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | No | No | | Yes \n[CVE-2021-30619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30619>) | Chromium: CVE-2021-30619 UI Spoofing in Autofill | No | No | | Yes \n[CVE-2021-30618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30618>) | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | No | No | | Yes \n[CVE-2021-30617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617>) | Chromium: CVE-2021-30617 Policy bypass in Blink | No | No | | Yes \n[CVE-2021-30616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30616>) | Chromium: CVE-2021-30616 Use after free in Media | No | No | | Yes \n[CVE-2021-30615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30615>) | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | No | No | | Yes \n[CVE-2021-30614](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30614>) | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | No | No | | Yes \n[CVE-2021-30613](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30613>) | Chromium: CVE-2021-30613 Use after free in Base internals | No | No | | Yes \n[CVE-2021-30612](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30612>) | Chromium: CVE-2021-30612 Use after free in WebRTC | No | No | | Yes \n[CVE-2021-30611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30611>) | Chromium: CVE-2021-30611 Use after free in WebRTC | No | No | | Yes \n[CVE-2021-30610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30610>) | Chromium: CVE-2021-30610 Use after free in Extensions API | No | No | | Yes \n[CVE-2021-30609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30609>) | Chromium: CVE-2021-30609 Use after free in Sign-In | No | No | | Yes \n[CVE-2021-30608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30608>) | Chromium: CVE-2021-30608 Use after free in Web Share | No | No | | Yes \n[CVE-2021-30607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30607>) | Chromium: CVE-2021-30607 Use after free in Permissions | No | No | | Yes \n[CVE-2021-30606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30606>) | Chromium: CVE-2021-30606 Use after free in Blink | No | No | | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952>) | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-26434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434>) | Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26437>) | Visual Studio Code Spoofing Vulnerability | No | No | 5.5 | No \n \n## ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38625>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38626>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36968>) | Windows DNS Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-40440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 5.4 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-38656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38656>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-38652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-38653](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38653>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-38654](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38654>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38650>) | Microsoft Office Spoofing Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-38659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38659>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38660>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38657>) | Microsoft Office Graphics Component Information Disclosure Vulnerability | No | No | 6.1 | Yes \n[CVE-2021-38646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38646>) | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38655>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36967>) | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | No | No | 8 | No \n[CVE-2021-36966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36966>) | Windows Subsystem for Linux Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38637>) | Windows Storage Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36972>) | Windows SMB Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36974>) | Windows SMB Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36973>) | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38624>) | Windows Key Storage Provider Security Feature Bypass Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-36954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36954>) | Windows Bind Filter Driver Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-36975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36975>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38634>) | Microsoft Windows Update Client Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-38644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38644>) | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38661>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38632>) | BitLocker Security Feature Bypass Vulnerability | No | No | 5.7 | Yes \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-36965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36965>) | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-26435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26435>) | Windows Scripting Engine Memory Corruption Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-36960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36960>) | Windows SMB Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-36969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36969>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38635>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38636>) | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-38667](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38667>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-38671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38671>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-40447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40447>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36962>) | Windows Installer Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-36961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36961>) | Windows Installer Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-36964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36964>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38630>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36963>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38633>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-36959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36959>) | Windows Authenticode Spoofing Vulnerability | No | No | 5.5 | No \n[CVE-2021-38629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38629>) | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-38628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38628>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38638](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38638>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-38639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38639>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>) | Microsoft MSHTML Remote Code Execution Vulnerability | Yes | Yes | 8.8 | Yes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-15T03:44:31", "type": "rapid7blog", "title": "Patch Tuesday - September 2021", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1678", "CVE-2021-26434", "CVE-2021-26435", "CVE-2021-26436", "CVE-2021-26437", "CVE-2021-26439", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30632", "CVE-2021-36930", "CVE-2021-36952", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36956", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38641", "CVE-2021-38642", "CVE-2021-38644", "CVE-2021-38645", "CVE-2021-38646", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38669", "CVE-2021-38671", "CVE-2021-40440", "CVE-2021-40444", "CVE-2021-40447", "CVE-2021-40448"], "modified": "2021-09-15T03:44:31", "id": "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "href": "https://blog.rapid7.com/2021/09/15/patch-tuesday-september-2021/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-27T08:58:08", "description": "![OMIGOD: How to Automatically Detect and Fix Microsoft Azure\u2019s New OMI Vulnerability](https://blog.rapid7.com/content/images/2021/09/omigod-vuln.jpg)\n\n_**Update**: On September 16, 2021, Microsoft released an updated OMS agent (v1.13.40-0) that addresses these vulnerabilities. You can download the updated version from [Microsoft's GitHub repo here](<https://github.com/microsoft/OMS-Agent-for-Linux/releases/tag/OMSAgent_v1.13.40-0>). In response, our team is updating the pre-built insight in InsightCloudSec to specifically look for versions of the OMS agent that are older than v1.13.40-0._\n\nOn September 14, 2021, security researchers disclosed [new vulnerabilities in Microsoft Azure's](<https://arstechnica.com/information-technology/2021/09/security-researchers-at-wiz-discover-another-major-azure-vulnerability/>) implementation of Open Management Interface (OMI), with one critical unauthorized remote code execution vulnerability ranked 9.8 (CVSS 3.0). \n\nOMI is pre-installed into Azure Linux VM instances as the byproduct of enabling certain logging, reporting, and host management options from the cloud provider\u2019s user interface and APIs. OMI is most commonly used to manage desired-state configuration and is the Linux/Unix equivalent of Windows Management Instrumentation and Remote Management (WMI/WinRM). It normally allows administrators to remotely manage the state of systems including logging and configuration settings.\n\nThe [specific remote code execution OMI vulnerability](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>), nicknamed \u201cOMIGOD,\u201d could allow an attacker to gain remote access to Linux machines hosted on Azure via TCP ports 1270, 5985, and 5986. Once they have remote access, the attacker could theoretically escalate privileges, move laterally across the environment, and remotely execute code as root, allowing them to locate and exfiltrate sensitive data within the Azure environment. \n\nNotably, while the vulnerability does allow for remote code execution (RCE) in the most severe cases, by default these services are firewalled off. Proof-of-concept exploit code is readily available, and exploitation in the wild is likely. As of publication, Shodan shows nearly 2.5 million hosts with the affected ports open to the public internet and at risk, including hosts in the IP space for most cloud providers.\n\nFour separate CVEs have been identified but have not been submitted to MITRE as of publishing: [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>), [CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>), [CVE-2021-38645](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38645>), and [CVE-2021-38649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>). A fix to the vulnerable [OMI library was made available](<https://github.com/microsoft/omi/releases/tag/v1.6.8-1>) (v1.6.8-1) on September 8 and requires end users to patch their Linux instances directly. \n\nAs soon as the vulnerability was announced, our customer success and engineering teams quickly came together to understand how [InsightCloudSec](<https://www.rapid7.com/products/insightcloudsec/>) **\u2014 **which provides continuous monitoring, reporting, and automated remediation of security issues in public cloud environments **\u2014** could help our customers identify signs of this vulnerability in their Azure environments and quickly remediate the potential risk.\n\n## Identifying Azure\u2019s OMI vulnerability\n\nThis morning, just one day after the disclosure of this vulnerability, InsightCloudSec released an update (version 21.6.4) to all customers that includes a pre-built Insight that automatically identifies any Azure Virtual Machines in a running state that have the aforementioned TCP ports exposed to the public internet along with an associated public IP. \n\nWhile native Microsoft Azure Firewall services should provide a layer of protection against this vulnerability, we strongly encourage customers to leverage this Insight to identify potential attack vectors and remediate accordingly.\n\n![OMIGOD: How to Automatically Detect and Fix Microsoft Azure\u2019s New OMI Vulnerability](https://blog.rapid7.com/content/images/2021/09/image3-2.png)\n\nAs you can see in the screenshot above, InsightCloudSec is now able to easily identify virtual machines across all of your Azure subscriptions from a single view. You can build notification workflows around the findings that this Insight identifies and take corrective action to close this attack vector.\n\n## Remediating Azure\u2019s OMI vulnerability\n\nAll of our Insights include the ability to enable remediation workflows. This capability is extremely powerful and provides customers with choices of how to remediate across different areas of their cloud footprint. With a few clicks, an automation workflow can be put in place to not only remediate the current findings but also prevent misconfigurations that could be introduced in the future. It does all of this using our near real-time data collection capabilities.\n\n![OMIGOD: How to Automatically Detect and Fix Microsoft Azure\u2019s New OMI Vulnerability](https://blog.rapid7.com/content/images/2021/09/image2-2.png)\n\nLeveraging the **Create Bot** option above allows the user to define the scope and desired remediation steps. For this particular issue we recommend that customers use the following workflow: \n\n * Flagging the resource as non-compliant\n * Creating a ticket to have the vulnerability addressed (JIRA, ServiceNow, etc.)\n * Sending a notification to the resource owner or technical point of contact that manages the Azure subscription (Slack, MS Teams, Email, etc.)\n * Optional: cleaning up offending security groups by removing the affected ports from their rules \n\n## Looking ahead\n\nMisconfigurations and vulnerabilities such as these continue to be one of the most prevalent attack vectors for malicious users to take advantage of. We recently released a [Cloud Misconfiguration Report](<https://www.rapid7.com/c/cloud-misconfigurations-2021/1/>) that highlights the risk that cloud misconfigurations pose to organizations.\n\nThe rapid innovation of public clouds will continue to require both cloud security vendors and independent security researchers to collaborate and to proactively hunt for security issues and attack vectors across the Cloud Service Provider (CSP) landscape. This won\u2019t be the last issue we see, and it\u2019s a joint effort across all vendors that participate in this exciting space to help our customers consume these public cloud providers with peace of mind. \n\nAs these cloud security disclosures continue to increase in frequency, the speed and efficiency at which security teams can remediate the associated vulnerabilities will become absolutely critical to minimizing risk in complex cloud environments. We\u2019re excited that our customers can quickly gain visibility to the parts of their Azure footprint that are susceptible to this vulnerability, and also have the power to continuously remediate the presence of the misconfiguration both now and in the future.\n\n_Want to learn more about the findings from our research team's 2021 Cloud Misconfigurations Report? [Join our upcoming webinar](<https://information.rapid7.com/gc-insightcloudsec-cloud-misconfigurations-report-webcast-2021-09.html>) to hear directly from those team members about the biggest factors that led to cloud breaches last year._\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {}, "published": "2021-09-15T14:30:57", "type": "rapid7blog", "title": "OMIGOD: How to Automatically Detect and Fix Microsoft Azure\u2019s New OMI Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-15T14:30:57", "id": "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "href": "https://blog.rapid7.com/2021/09/15/omigod-how-to-automatically-detect-and-fix-microsoft-azures-new-omi-vulnerability/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-09-17T16:35:06", "description": "The September 2021 Patch Tuesday could be remembered as the _final_ patching attempt in the PrintNightmare\u2026 nightmare. The ease with which the vulnerabilities [shrugged off the August patches](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/>) doesn\u2019t look to get a rerun. So far we haven\u2019t seen any indications that this patch is so easy to circumvent.\n\nThe total count of fixes for this Patch Tuesday tallies up to 86, including 26 for Microsoft Edge alone. Only a few of these vulnerabilities are listed as zero-days and two of them are "old friends". There is a third, less-likely-to-be-exploited one, and then we get to introduce a whole new set of vulnerabilities nicknamed OMIGOD, for reasons that will become obvious.\n\nAzure was the subject of five CVE\u2019s, one of them listed as critical. The four that affect the Open Management Infrastructure (OMI) were found by researchers, grouped together and received the nickname OMIGOD.\n\n### PrintNightmare\n\nPrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network to execute arbitrary code on an affected machine (including domain controllers) as SYSTEM, allowing them to elevate their privileges as far as domain admin. Users trigger the flaw by simply feeding a malicious printer driver to a vulnerable machine, and could use their new-found superpowers to install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe problem was made worse by significant [confusion](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) about whether PrintNightmare was a known, patched problem or an entirely new problem, and by repeated, at best partially-successful, attempts to patch it.\n\nThis month, Microsoft patched the remaining Print Spooler vulnerabilities under [CVE-2021-36958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36958>). Fingers crossed.\n\n### MSHTML\n\nThis zero-day vulnerability that felt like a ghost from the past (it involved ActiveX, remember that?) was only [found last week](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>), but has attracted significant attention. It was listed as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>), a Remote Code Execution (RCE) vulnerability in Microsoft MSHTML. \n\nThreat actors were sharing PoCs, tutorials and exploits on hacking forums, so that every script kiddy and wannabe hacker was able to follow step-by-step instructions in order to launch their own attacks. Microsoft published mitigation instructions that disabled the installation of new ActiveX controls, but this turned out to be easy to work around for attackers.\n\nGiven the short window of opportunity, there was some doubt about whether a fix would be included in this Patch Tuesday, but it looks like Microsoft managed to pull it off.\n\n### DNS elevation of privilege vulnerability\n\nThis vulnerability was listed as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>) and affects systems running Windows Server 2008 R2 SP1, SP2 and Windows 7 SP1. It exists due to an application that does not properly impose security restrictions in Windows DNS. The vulnerability is listed as a zero-day because it has been publicly disclosed, not because it is actively being exploited.\n\nMicrosoft says that exploitation is \u201cless likely\u201d, perhaps because it requires initial authentication and can only be exploited locally. If these conditions are met this bug can be used to accomplish elevation of privilege (EoP). \n\n### OMIGOD\n\nOMIGOD is the name for a set of four vulnerabilities in the Open Management Infrastructure (OMI) that you will find embedded in many popular Azure services. The CVEs are:\n\n * [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>) OMI RCE Vulnerability with a [CVSS score](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) of 9.8 out of 10.\n * [CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>) Open Management Infrastructure Elevation of Privilege Vulnerability\n * [CVE-2021-38645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) Open Management Infrastructure Elevation of Privilege Vulnerability\n * [CVE-2021-38649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) Open Management Infrastructure Elevation of Privilege Vulnerability\n\nThe [researchers](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) that discovered the vulnerabilities consider OMIGOD to be a result of the supply-chain risks that come with using open-source code:\n\n> Wiz\u2019s research team recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.\n\nOMI runs as root (the highest privilege level) and is activated within Azure when users enable certain services, like distributed logging, or other management tools and services. It's likely that many users aren't even aware they have it running.\n\nThe RCE vulnerability (CVE-2021-38647) can be exploited in situations where the OMI ports are accessible to the Internet to allow for remote management. In this configuration, any user can communicate with it using a UNIX socket or via an HTTP API, and any user can abuse it to remotely execute code or escalate privileges.\n\nA coding mistake means that any incoming request to the service _without_ an authorization header has its privileges default to uid=0, gid=0, which is root. \n \nOMIGOD, right?\n\nThe researchers report that the flaw can only be used to remotely takeover a target when OMI exposes the HTTPS management port externally. This is the default configuration when installed standalone and in Azure Configuration Management or System Center Operations Manager (SCOM). Other Azure services (such as Log Analytics) do not expose this port, so in those cases the scope is limited to local privilege escalation.\n\nThey advise all Azure customers to connect to their Azure VMs and run the commands below in their terminal to ensure OMI is updated to the latest version:\n\n * For Debian systems (e.g., Ubuntu): `dpkg -l omi`\n * For Redhat based system (e.g., Fedora, CentOS, RHEL): `rpm -qa omi`\n\nIf OMI isn\u2019t installed, the commands won't return any results, and your machine isn\u2019t vulnerable. Version 1.6.8.1 is the patched version. All earlier versions need to be patched.\n\n## Update September 17, 2021\n\nAfter a proof-of-concept exploit was published on code hosting website GitHub, attackers we re noticed to be looking for Linux servers running on Microsoft\u2019s Azure cloud infrastructure. These systems are vulnerable to the security flaw called OMIGOD.\n\nAccording to reports from security researchers the attackers use the OMIGOD exploit, to deploy malware that ensnares the hacked server into cryptomining or DDoS botnets.\n\nThe post [[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears \u2026 OMIGOD](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-15T13:19:48", "type": "malwarebytes", "title": "[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears \u2026 OMIGOD", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-36958", "CVE-2021-36968", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444"], "modified": "2021-09-15T13:19:48", "id": "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-11-26T18:09:24", "description": "_(Updated, September 17)_\n\nOn September 16, 2021, Microsoft released [additional guidance](<https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/>) on Open Management Infrastructure (OMI) vulnerabilities\u2014[CVE-2021-38645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>), [CVE-2021-38649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>), [CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>), and [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>)\u2014which impact Azure VM Management Extensions. According to Microsoft, \u201c[c]ustomers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available\u2026\u201d\n\nCISA encourages organizations to review [Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions](<https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/>) for more information and to:\n\n * ensure automatic updates are applied \n * ensure manual updates are applied, as patches are made available\n * restrict external access to Linux systems that expose OMI ports (TCP 5985, 5986, and 1270)\n\n_(Original, September 16)_\n\nMicrosoft has released an update to address a remote code execution vulnerability\u2014[CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>)\u2014in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.\n\nCISA encourages users and administrators to review the [Microsoft Security Advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) to apply the necessary update.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/09/16/microsoft-releases-security-update-azure-linux-open-management>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-16T00:00:00", "type": "cisa", "title": "Microsoft Releases Security Update for Azure Linux Open Management Infrastructure", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-17T00:00:00", "id": "CISA:82FAB13698D3611E1292062AD6C8B405", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/09/16/microsoft-releases-security-update-azure-linux-open-management", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "msrc": [{"lastseen": "2021-11-26T17:12:13", "description": "Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively. Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) \u2026\n\n[ Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions Read More \u00bb](<https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-17T01:28:04", "type": "msrc", "title": "Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-17T01:28:04", "id": "MSRC:69CC27233CB7711437A7019644E4AE73", "href": "https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:58:15", "description": "\u66f4\u65b0 9 \u6708 17 \u65e5\uff1a 9 \u6708\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u65e5\u306b\u516c\u958b\u3057\u305f Open Management Infrastructure (OMI) \u306e\u8106\u5f31\u6027 CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, CVE-2021-38647 \u306b\u95a2\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30ac\u30a4\u30c0\u30f3", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "msrc", "title": "2021 \u5e74 9 \u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (\u6708\u4f8b)", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-14T07:00:00", "id": "MSRC:768A8F29C87F38A1D05DD51DD3C9B107", "href": "/blog/2021/09/202109-security-updates/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:58:15", "description": "Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T07:00:00", "type": "msrc", "title": "Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-16T07:00:00", "id": "MSRC:898825BF130FA4417637FC463F734C20", "href": "/blog/2021/09/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-05-23T16:35:47", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38636.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38635", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38635", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:49", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36969", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36969", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:47", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38635.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38636", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38636", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38667", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38671", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-08-16T07:00:00", "id": "MS:CVE-2021-40447", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:50", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36955", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:49", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36963", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:47", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38633", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-20T07:00:00", "id": "MS:CVE-2021-38649", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38649", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-20T07:00:00", "id": "MS:CVE-2021-38645", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38645", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-20T07:00:00", "id": "MS:CVE-2021-38648", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38648", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:48", "description": "Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38625", "CVE-2021-38626"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38625", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38625", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:48", "description": "Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38625", "CVE-2021-38626"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38626", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38626", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:45", "description": "Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Visio Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38653", "CVE-2021-38654"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38654", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:45", "description": "Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Visio Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38653", "CVE-2021-38654"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38653", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38653", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:45", "description": "Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft SharePoint Server Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38651", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38651", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-23T16:35:45", "description": "Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft SharePoint Server Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38652", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38652", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38658", "CVE-2021-38660"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38660", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38660", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38658", "CVE-2021-38660"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38658", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38658", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:47", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36964", "CVE-2021-38630"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38630", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38630", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:49", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38630.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36964", "CVE-2021-38630"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36964", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36964", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:48", "description": "Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows SMB Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36960", "CVE-2021-36972"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36972", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36972", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:50", "description": "Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36972.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows SMB Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36960", "CVE-2021-36972"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36960", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36960", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38639", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:48", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36975", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38628.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38628", "CVE-2021-38638"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38638", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38638", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:47", "description": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38628", "CVE-2021-38638"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38628", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38628", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:46:29", "description": "Visual Studio Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Visual Studio Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26434"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-26434", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26434", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38644"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38644", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Microsoft Office Graphics Component Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38657"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38657", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38657", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:46", "description": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40440"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-40440", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40440", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Microsoft Word Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Word Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38656", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:50", "description": "Visual Studio Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Visual Studio Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-36952", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "HEVC Video Extensions Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "HEVC Video Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38661"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38661", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38661", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:44", "description": "Microsoft Office Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38659", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:35:47", "description": "BitLocker Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "BitLocker Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38632"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38632", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38632", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T16:35:49", "description": "Windows DNS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows DNS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36968"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-36968", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:35:43", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36969", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-25T11:36:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36969", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:08", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38636.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38635", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-28T15:52:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38635", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38635", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38635.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38636", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36969", "CVE-2021-38635", "CVE-2021-38636"], "modified": "2021-09-26T21:46:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38636", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38671", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:52:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:42:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40447", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:41:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-40447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38667", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:53:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38667", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:07", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38633", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-26T21:23:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38633", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36963", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-24T18:15:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:40", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36955", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-24T16:43:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36955", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38645", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-26T21:30:00", "cpe": ["cpe:/a:microsoft:azure_automation_update_management:-", "cpe:/a:microsoft:azure_automation_state_configuration:-", "cpe:/a:microsoft:azure_diagnostics_\$lad\$:-", "cpe:/a:microsoft:azure_security_center:-", "cpe:/a:microsoft:azure_stack_hub:-", "cpe:/a:microsoft:azure_open_management_infrastructure:-", "cpe:/a:microsoft:azure_sentinel:-", "cpe:/a:microsoft:system_center_operations_manager:-", "cpe:/a:microsoft:container_monitoring_solution:-", "cpe:/a:microsoft:log_analytics_agent:-"], "id": "CVE-2021-38645", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38645", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_diagnostics_\$lad\$:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38649", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-26T21:29:00", "cpe": ["cpe:/a:microsoft:azure_automation_update_management:-", "cpe:/a:microsoft:azure_automation_state_configuration:-", "cpe:/a:microsoft:azure_diagnostics_\$lad\$:-", "cpe:/a:microsoft:azure_security_center:-", "cpe:/a:microsoft:azure_stack_hub:-", "cpe:/a:microsoft:azure_open_management_infrastructure:-", "cpe:/a:microsoft:azure_sentinel:-", "cpe:/a:microsoft:system_center_operations_manager:-", "cpe:/a:microsoft:container_monitoring_solution:-", "cpe:/a:microsoft:log_analytics_agent:-"], "id": "CVE-2021-38649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38649", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_diagnostics_\$lad\$:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:10", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38648", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/a:microsoft:azure_automation_update_management:-", "cpe:/a:microsoft:azure_automation_state_configuration:-", "cpe:/a:microsoft:azure_diagnostics_\$lad\$:-", "cpe:/a:microsoft:azure_security_center:-", "cpe:/a:microsoft:azure_stack_hub:-", "cpe:/a:microsoft:azure_open_management_infrastructure:-", "cpe:/a:microsoft:azure_sentinel:-", "cpe:/a:microsoft:system_center_operations_manager:-", "cpe:/a:microsoft:container_monitoring_solution:-", "cpe:/a:microsoft:log_analytics_agent:-"], "id": "CVE-2021-38648", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38648", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_diagnostics_\$lad\$:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:07", "description": "Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38626", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38625", "CVE-2021-38626"], "modified": "2021-09-26T21:17:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-"], "id": "CVE-2021-38626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38626", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38625", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38625", "CVE-2021-38626"], "modified": "2021-09-26T21:05:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-"], "id": "CVE-2021-38625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38625", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38654", "cwe": ["CWE-129"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38653", "CVE-2021-38654"], "modified": "2021-09-24T19:08:00", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-38654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38653", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38653", "CVE-2021-38654"], "modified": "2021-09-24T18:33:00", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-38653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38653", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38651", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2021-09-27T18:01:00", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2013", "cpe:/a:microsoft:sharepoint_enterprise_server:2016", "cpe:/a:microsoft:sharepoint_server:2019"], "id": "CVE-2021-38651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38651", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38652", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38651", "CVE-2021-38652"], "modified": "2021-09-27T18:25:00", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2013", "cpe:/a:microsoft:sharepoint_enterprise_server:2016"], "id": "CVE-2021-38652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38652", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38658", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38658", "CVE-2021-38660"], "modified": "2021-09-24T19:07:00", "cpe": ["cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-38658", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38658", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38660", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38658", "CVE-2021-38660"], "modified": "2021-09-24T19:06:00", "cpe": ["cpe:/a:microsoft:excel:2013"], "id": "CVE-2021-38660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38660", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38630.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36964", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36964", "CVE-2021-38630"], "modified": "2021-09-24T18:23:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36964", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:07", "description": "Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38630", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36964", "CVE-2021-38630"], "modified": "2021-09-26T21:33:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38630", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38630", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36972.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36960", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36960", "CVE-2021-36972"], "modified": "2021-09-24T16:45:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36960", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:43", "description": "Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36972", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36960", "CVE-2021-36972"], "modified": "2021-09-25T11:31:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36972", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:44", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36975", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:08:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-36975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38639", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:31:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:07", "description": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38628", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38628", "CVE-2021-38638"], "modified": "2021-09-26T21:44:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38628", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38628", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38628.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38638", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38628", "CVE-2021-38638"], "modified": "2021-09-26T21:43:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38638", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38638", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Visual Studio Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-26434", "cwe": ["CWE-732"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26434"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/a:microsoft:visual_studio_2019:16.11", "cpe:/a:microsoft:visual_studio_2017:15.9"], "id": "CVE-2021-26434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26434", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38644", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38644"], "modified": "2021-09-24T19:13:00", "cpe": [], "id": "CVE-2021-38644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-23T15:41:44", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39849", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39849"], "modified": "2021-10-06T21:02:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39849", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:43", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39841", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39841"], "modified": "2021-10-06T21:05:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39841", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39841", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:46", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39863", "cwe": ["CWE-122"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39863"], "modified": "2021-10-06T16:45:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat_reader_2017:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat_2017:17.011.30199", "cpe:/a:adobe:acrobat:20.004.30006"], "id": "CVE-2021-39863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39863", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39853", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39853"], "modified": "2021-10-06T19:09:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006"], "id": "CVE-2021-39853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39853", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39857", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39857"], "modified": "2021-10-07T00:18:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39857", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39857", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:48", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39852", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39852"], "modified": "2021-10-06T20:59:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39852", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39852", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:43", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39843", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39843"], "modified": "2021-10-06T21:07:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39843", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39843", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:44", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39851", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39851"], "modified": "2021-10-06T21:08:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39851", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39851", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39854", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39854"], "modified": "2021-10-06T18:43:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199"], "id": "CVE-2021-39854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39854", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39856", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39856"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39855", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39855"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39855", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Microsoft Office Graphics Component Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38657", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38657"], "modified": "2021-09-24T19:02:00", "cpe": ["cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-38657", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38657", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-05-23T15:42:50", "description": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40440", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40440"], "modified": "2021-09-24T18:45:00", "cpe": ["cpe:/a:microsoft:dynamics_365_business_central:2020", "cpe:/a:microsoft:dynamics_365_business_central:2021"], "id": "CVE-2021-40440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40440", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:dynamics_365_business_central:2021:update_18.5:release_wave_1:*:*:*:*:*", "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:41:45", "description": "Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39860", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39860"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39860", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39860", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:43", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39845", "cwe": ["CWE-121"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39845"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39845", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39845", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:43", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39840", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39840"], "modified": "2021-10-06T23:02:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39840", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39840", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:44", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39846", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39846"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39846", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39846", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:44", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39844", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39844"], "modified": "2021-10-06T21:04:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39844", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:44", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39850", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39850"], "modified": "2021-10-06T21:13:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39850", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39850", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:46", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39861", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39861"], "modified": "2022-02-05T02:17:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat_reader_2017:17.011.30199", "cpe:/a:adobe:acrobat_2017:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006"], "id": "CVE-2021-39861", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39861", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:46", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39858", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39858"], "modified": "2021-10-06T17:14:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat_reader_2017:17.011.30199", "cpe:/a:adobe:acrobat_2017:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006"], "id": "CVE-2021-39858", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39858", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_2017:17.011.30199:*:*:*:classic_2017:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Microsoft Word Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38656", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-24T19:09:00", "cpe": ["cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-38656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38656", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-05-23T15:41:42", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39838", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39838"], "modified": "2021-10-06T23:04:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39838", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:41:42", "description": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T16:15:00", "type": "cve", "title": "CVE-2021-39839", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39839"], "modified": "2021-10-06T23:12:00", "cpe": ["cpe:/a:adobe:acrobat_reader_dc:21.005.20060", "cpe:/a:adobe:acrobat_dc:21.005.20058", "cpe:/a:adobe:acrobat_dc:21.005.20060", "cpe:/a:adobe:acrobat:17.011.30199", "cpe:/a:adobe:acrobat_reader:20.004.30006", "cpe:/a:adobe:acrobat:20.004.30006", "cpe:/a:adobe:acrobat_reader:17.011.30199", "cpe:/a:adobe:acrobat_reader_dc:21.005.20058"], "id": "CVE-2021-39839", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39839", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:21.005.20060:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30199:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.004.30006:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20058:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_reader_dc:21.005.20060:*:*:*:continuous:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "HEVC Video Extensions Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38661", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38661"], "modified": "2021-09-24T18:56:00", "cpe": [], "id": "CVE-2021-38661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38661", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-23T15:35:40", "description": "Visual Studio Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36952", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-24T17:40:00", "cpe": ["cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/a:microsoft:visual_studio_2019:16.7"], "id": "CVE-2021-36952", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36952", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Microsoft Office Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38659", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-24T19:03:00", "cpe": ["cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-38659", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-05-23T15:39:11", "description": "BitLocker Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38632", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38632"], "modified": "2021-09-27T17:59:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38632", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}], "krebs": [{"lastseen": "2021-09-26T09:25:20", "description": "**Microsoft** today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, **Apple** has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on **iOS** products, and **Google**'s got a new version of **Chrome** that tackles two zero-day flaws. Finally, Adobe has released critical security updates for **Acrobat**, **Reader** and a slew of other software.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png)\n\nFour of the flaws fixed in this patch batch earned Microsoft's most-dire "critical" rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.\n\nTop of the critical heap is [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>), which affects the \u201cMSHTML\u201d component of **Internet Explorer** (IE) on **Windows 10** and many **Windows Server** versions. In [a security advisory last week](<https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/>), Microsoft warned attackers already are exploiting the flaw through **Microsoft Office** applications as well as IE.\n\nThe critical bug [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>) is interesting, as it involves a remote code execution flaw in "WLAN AutoConfig," the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.\n\n**Allan Liska**, senior security architect at [Recorded Future](<https://www.recordedfuture.com>), said a similar vulnerability -- [CVE-2021-28316](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28316>) -- was announced in April.\n\n"CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited," Liska said. "That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation."\n\nAnother critical weakness that enterprises using Azure should prioritize is [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), which is a remote code execution bug in Azure Open Management Infrastructure (OMI) that has a CVSS Score of 9.8 (10 is the worst). It was [reported and detailed](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) by researchers at **Wiz.io**, who said CVE-2021-38647 was one of four bugs in Azure OMI they found that Microsoft patched this week.\n\n"We conservatively estimate that thousands of Azure customers and millions of endpoints are affected," Wiz.io's [Nir Ohfeld](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) wrote. "In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk."\n\nKevin** Breen** of [Immersive Labs](<https://www.immersivelabs.com/>) calls attention to several "privilege escalation" flaws fixed by Microsoft this month, noting that while these bugs carry lesser severity ratings, Microsoft considers them more likely to be exploited by bad guys and malware.\n\n"[CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>) have also been listed as 'exploitation more likely' and together cover the full range of supported Windows versions," Breem wrote. "I am starting to feel like a broken record when talking about privilege escalation vulnerabilities. They typically have a lower CVSS score than something like Remote Code Execution, but these local exploits can be the linchpin in the post-exploitation phases of an experienced attacker. If you can block them here you have the potential to significantly limit their damage. If we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching these is even more important than patching some other Remote Code execution vulnerabilities."\n\nApple on Monday pushed out [an urgent security update](<https://support.apple.com/en-us/HT212807>) to fix a "zero-click" iOS vulnerability ([CVE-2021-30860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860>)) reported by researchers at **Citizen Lab** that allows commands to be run when files are opened on certain Apple devices. [Citizen Lab found](<https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/>) that an exploit for CVE-2021-30860 was being used by the [NSO Group](<https://en.wikipedia.org/wiki/NSO_Group>), an Israeli tech company whose spyware enables the remote surveillance of smartphones.\n\n**Google** also released [a new version](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) of its **Chrome** browser on Monday to fix nine vulnerabilities, including two that are under active attack. If you're running Chrome, keep a lookout for when you see an "Update" tab appear to the right of the address bar. If it's been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.\n\nAs it usually does on Patch Tuesday, Adobe also released new versions of Reader, Acrobat and [a large number of other products](<https://helpx.adobe.com/security.html>). Adobe says it is not aware of any exploits in the wild for any of the issues addressed in its updates today.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/september-2021-its-patch-day/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-14T21:00:42", "type": "krebs", "title": "Microsoft Patch Tuesday, September 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28316", "CVE-2021-30860", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-40444"], "modified": "2021-09-14T21:00:42", "id": "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "href": "https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-05-25T17:11:49", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at September 18, 2021 12:23am UTC reported:\n\nHmm so this is quite an interesting one. This is similar to CVE-2021-36963 and CVE-2021-38633, both of which are marked as low complexity for being exploited and which will likely get you SYSTEM access, however if you look at the advisory for this bug at <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955> it is the only one where the \u201cExploit Code Maturity\u201d is marked as \u201cFunctional\u201d in other words Microsoft has verified that code exists to exploit this vulnerability and it works under most scenarios.\n\nAgain this is still only local privilege escalation so this isn\u2019t triggerable remotely, hence why the severity is high due to M.S saying this is easy to form an exploit for and the fact that functional exploit code exists according to M.S, however it isn\u2019t Very High since you still need access to an account on the target to exploit this.\n\nGiven that this gives SYSTEM level code access and its not hard to make an exploit for it according to Microsoft I would patch this sooner rather than later along with CVE-2021-36963 and CVE-2021-38633. I am still investigating this deeper to figure out what was patched but here is the list of functions within clfs.sys that I believe were patched as part of fixing this bug:\n \n \n 00012\t1c00299b4\tprivate: long CClfsBaseFilePersisted::CreateContainer(struct _UNICODE_STRING const &,unsigned __int64 const &,unsigned long,unsigned char,unsigned char,class CClfsContainer * &)\t1c0028824\tprivate: long CClfsBaseFilePersisted::CreateContainer(struct _UNICODE_STRING const &,unsigned __int64 const &,unsigned long,unsigned char,unsigned char,class CClfsContainer * &)\t0.990\t62\t61\tPerfect match, same name\n 00013\t1c0029d74\tpublic: long CClfsContainer::Create(struct _UNICODE_STRING &,unsigned __int64 const &,struct _CLFS_FILTER_CONTEXT const &,void * const,unsigned char,unsigned char &)\t1c0028bdc\tpublic: long CClfsContainer::Create(struct _UNICODE_STRING &,unsigned __int64 const &,struct _CLFS_FILTER_CONTEXT const &,void * const,unsigned char,unsigned char &)\t0.950\t50\t49\tPerfect match, same name\n 00024\t1c0031a68\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned char,struct _CLFS_CLIENT_CONTEXT * *)\t1c00308c8\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned char,struct _CLFS_CLIENT_CONTEXT * *)\t0.950\t14\t17\tPerfect match, same name\n 00026\t1c0032550\tClfsCreateLogFile\t1c00313d0\tClfsCreateLogFile\t0.910\t169\t164\tPerfect match, same name\n 00025\t1c0032420\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned long,struct _CLFS_CONTAINER_CONTEXT * *)\t1c0031290\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned long,struct _CLFS_CONTAINER_CONTEXT * *)\t0.870\t17\t20\tPerfect match, same name\n 00047\t1c004f3d8\tprivate: long CClfsBaseFilePersisted::ExtendMetadataBlockDescriptor(unsigned long,unsigned long)\t1c004e238\tprivate: long CClfsBaseFilePersisted::ExtendMetadataBlockDescriptor(unsigned long,unsigned long)\t0.740\t41\t46\tPerfect match, same name\n \n\nMore details to come when I get the analysis finished some more.\n\nSo far that the function `Feature_Servicing_2103c_ClfsStatusPrivilegeNotHeld_31093721__private_IsEnabled()` was removed from the new build of `clfs.sys`, and also from the `CClfsBaseFilePersisted::CreateContainer` call where it was called from. Now it directly checks the return code from `CClfsContainer::Create(_UNICODE_STRING &,unsigned __int64 const &,_CLFS_FILTER_CONTEXT const &,void * const,uchar,uchar &)` to see if it returned the status code `STATUS_PRIVILEGE_NOT_HELD` whereas before it would check the return code of `Feature_Servicing_2103c_ClfsStatusPrivilegeNotHeld_31093721__private_IsEnabled()` for this status.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-36955", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-25T00:00:00", "id": "AKB:86B09C61-4CEE-48AD-9C51-8E9476DAE9F1", "href": "https://attackerkb.com/topics/Ftp2XNmtf4/cve-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T05:15:29", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38633", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-27T00:00:00", "id": "AKB:35FD7D35-F3F0-4CE6-A919-5DE145C48A21", "href": "https://attackerkb.com/topics/klyxyRRj9Z/cve-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:20:59", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at October 27, 2021 5:59pm UTC reported:\n\nA locally exploitable vulnerability exists within Microsoft\u2019s OMI management server in versions prior to 1.6.8-1 that can allow a local attacker to execute operating system commands as `root`. Exploitation consists of sending crafted binary messages to the local UNIX socket on which the service listens. Under normal circumstances, clients (typically `omicli`) will send an authentication frame via this interface however the authentication frame can be omitted. In this case, the default values which are initialized to 0 are used and happen to correspond to the UID and GID of the root user and group.\n\nThe service must be running in order for this vulnerability to be exploited. The socket file is located at `/var/opt/omi/run/omiserver.sock` and can be connected to by anyone using a socket of the `AF_UNIX` family.\n\nThe `strace` utility can be used to view the standard exchange of authentication information:\n \n \n root@3ad6908bf1bc:/opt/omi/bin# strace -v -f -xx -e trace=socket,connect,write,writev,close /opt/omi/bin/omicli iv root/scx { SCX_OperatingSystem } ExecuteShellCommand { command 'id' timeout 0 }\n ...\n [pid 1271] socket(AF_UNIX, SOCK_STREAM, 0) = 6\n [pid 1271] connect(6, {sa_family=AF_UNIX, sun_path=\"\\x2f\\x76\\x61\\x72\\x2f\\x6f\\x70\\x74\\x2f\\x6f\\x6d\\x69\\x2f\\x72\\x75\\x6e\\x2f\\x6f\\x6d\\x69\\x73\\x65\\x72\\x76\\x65\\x72\\x2e\\x73\\x6f\\x63\\x6b\"}, 110) = 0\n [pid 1271] writev(6, [{iov_base=\"\\x2f\\x7e\\xa8\\xb1\\x08\\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\xd5\\x83\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"..., iov_len=48}, {iov_base=\"\\xd8\\xd5\\x83\\x01\\x00\\x00\\x00\\x00\\xd0\\xd8\\x83\\x01\\x00\\x00\\x00\\x00\\xd0\\xd4\\x83\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"..., iov_len=248}], 2) = 296\n [pid 1271] write(5, \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", 8) = 8\n [pid 1271] close(7) = 0\n [pid 1272] writev(6, [{iov_base=\"\\x2f\\x7e\\xa8\\xb1\\x08\\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x88\\x33\\x83\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"..., iov_len=112}, {iov_base=\"\\x57\\x99\\x2b\\x46\\x01\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x5f\\x4f\\x4d\\x49\\x5f\\x4f\\x70\\x74\\x69\\x6f\\x6e\\x53\\x65\\x74\\x00\\x00\\x00\\x00\\x00\\x00\"..., iov_len=188}, {iov_base=\"\\x60\\xea\\x6a\\xb2\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x0b\\x61\\x57\\x46\\x7f\\x00\\x00\\xe8\\x34\\x83\\x01\\x00\\x00\\x00\\x00\"..., iov_len=80}, {iov_base=\"\\x60\\xea\\x6a\\xb2\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x0b\\x61\\x57\\x46\\x7f\\x00\\x00\\xe8\\x34\\x83\\x01\\x00\\x00\\x00\\x00\"..., iov_len=1360}, {iov_base=\"\\x57\\x99\\x2b\\x46\\x02\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x53\\x43\\x58\\x5f\\x4f\\x70\\x65\\x72\\x61\\x74\\x69\\x6e\\x67\\x53\\x79\\x73\\x74\\x65\\x6d\\x00\"..., iov_len=108}, {iov_base=\"\\xd0\\x86\\x83\\x01\\x00\\x00\\x00\\x00\\x70\\x8a\\x83\\x01\\x00\\x00\\x00\\x00\\x80\\x8a\\x83\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"..., iov_len=1008}], 6) = 2856\n [pid 1272] write(1, \"\\x69\\x6e\\x73\\x74\\x61\\x6e\\x63\\x65\\x20\\x6f\\x66\\x20\\x45\\x78\\x65\\x63\\x75\\x74\\x65\\x53\\x68\\x65\\x6c\\x6c\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x0a\", 32instance of ExecuteShellCommand\n ) = 32\n [pid 1272] write(1, \"\\x7b\\x0a\", 2{\n ) = 2\n [pid 1272] write(1, \"\\x20\\x20\\x20\\x20\\x52\\x65\\x74\\x75\\x72\\x6e\\x56\\x61\\x6c\\x75\\x65\\x3d\\x74\\x72\\x75\\x65\\x0a\", 21 ReturnValue=true\n ) = 21\n [pid 1272] write(1, \"\\x20\\x20\\x20\\x20\\x52\\x65\\x74\\x75\\x72\\x6e\\x43\\x6f\\x64\\x65\\x3d\\x30\\x0a\", 17 ReturnCode=0\n ) = 17\n [pid 1272] write(1, \"\\x20\\x20\\x20\\x20\\x53\\x74\\x64\\x4f\\x75\\x74\\x3d\\x75\\x69\\x64\\x3d\\x30\\x28\\x72\\x6f\\x6f\\x74\\x29\\x20\\x67\\x69\\x64\\x3d\\x30\\x28\\x72\\x6f\\x6f\"..., 50 StdOut=uid=0(root) gid=0(root) groups=0(root)\n ) = 50\n [pid 1272] write(1, \"\\x0a\", 1\n ) = 1\n [pid 1272] write(1, \"\\x20\\x20\\x20\\x20\\x53\\x74\\x64\\x45\\x72\\x72\\x3d\\x0a\", 12 StdErr=\n ) = 12\n [pid 1272] write(1, \"\\x7d\\x0a\", 2}\n ) = 2\n [pid 1271] write(5, \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\", 8) = 8\n [pid 1272] close(6) = 0\n ...\n +++ exited with 0 +++\n \n\nBy following the `writev` calls, the standard exchange can be viewed. The frames starting with `\\x2f\\x7e\\xa8\\xb1` are [header frames](<https://github.com/microsoft/omi/blob/e4d72481fa2f805148c9c8f4d0183b3e2d7814a8/Unix/protocol/header.h#L31>). All of the data sent as part of the first request can be omitted, leaving the second which contains the command to execute within the binary structure. The results of the operating system command can be read from the socket, though they must be extracted from the binary response. The commands are executed within the context of a subshell.\n\nThis vulnerability can be exploited in the default configuration and was patched in version 1.6.8-1 which was [released](<https://github.com/microsoft/omi/releases/tag/v1.6.8-1>) on September 8th 2021.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38648", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-27T00:00:00", "id": "AKB:135864DA-C379-4CF4-A283-6C03BDA859D9", "href": "https://attackerkb.com/topics/VrYz48szMN/cve-2021-38648", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:21:00", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38649", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-27T00:00:00", "id": "AKB:9AEB3380-7185-402B-B0D2-BE10A1E7F0D9", "href": "https://attackerkb.com/topics/7TgQlyluE2/cve-2021-38649", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:21:00", "description": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38645", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-27T00:00:00", "id": "AKB:9FA3DEAE-7284-4BC4-9B9E-31A739E6FABE", "href": "https://attackerkb.com/topics/u2ilzKORPG/cve-2021-38645", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-05-19T10:47:38", "description": "None\n## Summary\n\nThis security update resolves Microsoft SharePoint Server spoofing vulnerabilities. To learn more about the vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2021-38651](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38651>) and [Microsoft Common Vulnerabilities and Exposures CVE-2021-38652](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38652>).\n\n**Note: **To apply this security update, you must have the release version of [Service Pack 1 for Microsoft SharePoint Foundation 2013 ](<http://support.microsoft.com/kb/2880551>)installed on the computer.\n\n## Improvements and fixes\n\nThis update contains fixes for the following nonsecurity issues:\n\n * Fixes an issue in which the Appinv.aspx page can't be displayed in an iFrame. After you apply this update, you can follow the steps that are provided in KB 5005546 to add the trusted domains to the **AllowIframeAppAuthorizePageDomains **in the farm to be able to display the Appinv.aspx page in an iFrame.\n * Fixes an issue in which Web Parts that depend on **WPProperty **don't work correctly. To enable the Web Parts to work, you have to also follow the steps that are provided in KB 5003528 to declare the affected .NET types to be allowed to access **WPProperty **in the Web.config file.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB5002024>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download security update 5002024 for the 64-bit version of SharePoint Foundation 2013](<http://www.microsoft.com/download/details.aspx?familyid=72430a0d-cdc6-45a1-a04d-9fac31ecf1b2>)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see Security update deployment information: September 14, 2021 (KB5005848).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [5001992](<https://support.microsoft.com/kb/5001992>).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nsts2013-kb5002024-fullfile-x64-glb.exe| 348E118EDAB6B48B80C59B7CB21402BDDADBD0D579B9154E2A943984374623AF \n \n### File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\n#### \n\n__\n\nFor all supported x64-based versions of SharePoint Foundation 2013\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nmenu.debug.js| menu.debug.js| | 101574| 17-Aug-21| 08:19 \nmenu.htc| menu.htc| | 21872| 17-Aug-21| 08:19 \nmenu.js_0001| menu.js| | 51332| 17-Aug-21| 08:19 \nmenubar.htc| menubar.htc| | 13961| 17-Aug-21| 08:19 \nmquery.debug.js| mquery.debug.js| | 59856| 17-Aug-21| 08:19 \nmquery.js| mquery.js| | 22239| 17-Aug-21| 08:19 \nmquery.xml| mquery.xml| | 89| 17-Aug-21| 08:19 \noffline.debug.js| offline.debug.js| | 7585| 17-Aug-21| 08:19 \noffline.js| offline.js| | 3595| 17-Aug-21| 08:19 \nows.debug.js| ows.debug.js| | 511037| 17-Aug-21| 08:19 \nows.js| ows.js| | 265328| 17-Aug-21| 08:19 \nows.xml| ows.xml| | 85| 17-Aug-21| 08:19 \nowsbrows.debug.js| owsbrows.debug.js| | 9579| 17-Aug-21| 08:19 \nowsbrows.js| owsbrows.js| | 6113| 17-Aug-21| 08:19 \npickerhierarchycontrol.js| pickerhierarchycontrol.js| | 85910| 17-Aug-21| 08:19 \npivotcontrol.debug.js| pivotcontrol.debug.js| | 16089| 17-Aug-21| 08:19 \npivotcontrol.js| pivotcontrol.js| | 8700| 17-Aug-21| 08:19 \nquicklaunch.debug.js| quicklaunch.debug.js| | 130124| 17-Aug-21| 08:19 \nquicklaunch.js| quicklaunch.js| | 69543| 17-Aug-21| 08:19 \nquicklaunch.js.xml| quicklaunch.xml| | 120| 17-Aug-21| 08:19 \nradiobuttonwithchildren.js| radiobuttonwithchildren.js| | 3208| 17-Aug-21| 08:19 \nroamingapps.debug.js| roamingapps.debug.js| | 46291| 17-Aug-21| 08:19 \nroamingapps.js| roamingapps.js| | 19190| 17-Aug-21| 08:19 \nroamingapp.xml| roamingapps.xml| | 93| 17-Aug-21| 08:19 \nsharing.debug.js| sharing.debug.js| | 71639| 17-Aug-21| 08:19 \nsharing.js| sharing.js| | 27124| 17-Aug-21| 08:19 \nsharing.xml| sharing.xml| | 171| 17-Aug-21| 08:19 \nsiteupgrade.debug.js| siteupgrade.debug.js| | 1135| 17-Aug-21| 08:19 \nsiteupgrade.debug.js_14| siteupgrade.debug.js| | 1135| 17-Aug-21| 08:19 \nsiteupgrade.js| siteupgrade.js| | 808| 17-Aug-21| 08:19 \nsiteupgrade.js_14| siteupgrade.js| | 808| 17-Aug-21| 08:19 \nsp.core.debug.js| sp.core.debug.js| | 73924| 17-Aug-21| 08:19 \nsp.core.js| sp.core.js| | 40446| 17-Aug-21| 08:19 \nsp.core.xml| sp.core.xml| | 150| 17-Aug-21| 08:19 \nsp.datetimeutil.debug.js| sp.datetimeutil.debug.js| | 115909| 17-Aug-21| 08:19 \nsp.datetimeutil.debug.js.x64| sp.datetimeutil.debug.js| | 115909| 17-Aug-21| 08:19 \nsp.datetimeutil.js| sp.datetimeutil.js| | 69042| 17-Aug-21| 08:19 \nsp.datetimeutil.js.x64| sp.datetimeutil.js| | 69042| 17-Aug-21| 08:19 \nsp.datetimeutil.xml| sp.datetimeutil.xml| | 69| 17-Aug-21| 08:19 \nsp.debug.js| sp.debug.js| | 1003478| 17-Aug-21| 08:19 \nsp.debug.js.x64| sp.debug.js| | 1003478| 17-Aug-21| 08:19 \nsp.exp.debug.js| sp.exp.debug.js| | 40770| 17-Aug-21| 08:19 \nsp.exp.js| sp.exp.js| | 24528| 17-Aug-21| 08:19 \nsp.exp.xml| sp.exp.xml| | 48| 17-Aug-21| 08:19 \nsp.init.debug.js| sp.init.debug.js| | 55563| 17-Aug-21| 08:19 \nsp.init.js| sp.init.js| | 32205| 17-Aug-21| 08:19 \nsp.js| sp.js| | 625818| 17-Aug-21| 08:19 \nsp.js.x64| sp.js| | 625818| 17-Aug-21| 08:19 \nspmap.debug.js| sp.map.debug.js| | 15227| 17-Aug-21| 08:19 \nspmap.js| sp.map.js| | 8235| 17-Aug-21| 08:19 \nspmap.xml| sp.map.xml| | 65| 17-Aug-21| 08:19 \nsp.requestexecutor.debug.js| sp.requestexecutor.debug.js| | 81202| 17-Aug-21| 08:19 \nsp.requestexecutor.debug.js.x64| sp.requestexecutor.debug.js| | 81202| 17-Aug-21| 08:19 \nsp.requestexecutor.js| sp.requestexecutor.js| | 51541| 17-Aug-21| 08:19 \nsp.requestexecutor.js.x64| sp.requestexecutor.js| | 51541| 17-Aug-21| 08:19 \nsp.requestexecutor.xml| sp.requestexecutor.xml| | 46| 17-Aug-21| 08:19 \nsp.ribbon.debug.js| sp.ribbon.debug.js| | 363159| 17-Aug-21| 08:19 \nsp.ribbon.js| sp.ribbon.js| | 224039| 17-Aug-21| 08:19 \nsp.ribbon.xml| sp.ribbon.xml| | 321| 17-Aug-21| 08:19 \nsp.runtime.debug.js| sp.runtime.debug.js| | 185617| 17-Aug-21| 08:19 \nsp.runtime.debug.js.x64| sp.runtime.debug.js| | 185617| 17-Aug-21| 08:19 \nsp.runtime.js| sp.runtime.js| | 111493| 17-Aug-21| 08:19 \nsp.runtime.js.x64| sp.runtime.js| | 111493| 17-Aug-21| 08:19 \nsp.runtime.xml| sp.runtime.xml| | 46| 17-Aug-21| 08:19 \nsp.storefront.debug.js| sp.storefront.debug.js| | 425498| 17-Aug-21| 08:19 \nsp.storefront.js| sp.storefront.js| | 296609| 17-Aug-21| 08:19 \nsp.storefront.xml| sp.storefront.xml| | 346| 17-Aug-21| 08:19 \nsp.ui.admin.debug.js| sp.ui.admin.debug.js| | 18342| 17-Aug-21| 08:19 \nsp.ui.admin.js| sp.ui.admin.js| | 11378| 17-Aug-21| 08:19 \nsp.ui.allapps.debug.js| sp.ui.allapps.debug.js| | 42395| 17-Aug-21| 08:19 \nsp.ui.allapps.js| sp.ui.allapps.js| | 26257| 17-Aug-21| 08:19 \nsp.ui.applicationpages.calendar.debug.js| sp.ui.applicationpages.calendar.debug.js| | 277454| 17-Aug-21| 08:19 \nsp.ui.applicationpages.calendar.js| sp.ui.applicationpages.calendar.js| | 144914| 17-Aug-21| 08:19 \nsp.ui.applicationpages.calendar.xml| sp.ui.applicationpages.calendar.xml| | 225| 17-Aug-21| 08:19 \nsp.ui.applicationpages.debug.js| sp.ui.applicationpages.debug.js| | 10163| 17-Aug-21| 08:19 \nsp.ui.applicationpages.js| sp.ui.applicationpages.js| | 6953| 17-Aug-21| 08:19 \nsp.ui.applicationpages.xml| sp.ui.applicationpages.xml| | 213| 17-Aug-21| 08:19 \nsp.ui.bdcadminpages.debug.js| sp.ui.bdcadminpages.debug.js| | 16063| 17-Aug-21| 08:19 \nsp.ui.bdcadminpages.js| sp.ui.bdcadminpages.js| | 11315| 17-Aug-21| 08:19 \nspblogd.js| sp.ui.blogs.debug.js| | 50644| 17-Aug-21| 08:19 \nspblog.js| sp.ui.blogs.js| | 31017| 17-Aug-21| 08:19 \nsp.ui.blogs.xml| sp.ui.blogs.xml| | 94| 17-Aug-21| 08:19 \nsp.ui.combobox.debug.js| sp.ui.combobox.debug.js| | 99428| 17-Aug-21| 08:19 \nsp.ui.combobox.js| sp.ui.combobox.js| | 52107| 17-Aug-21| 08:19 \nsp.ui.combobox.xml| sp.ui.combobox.xml| | 54| 17-Aug-21| 08:19 \nsp.ui.controls.debug.js| sp.ui.controls.debug.js| | 55987| 17-Aug-21| 08:19 \nsp.ui.controls.js| sp.ui.controls.js| | 38359| 17-Aug-21| 08:19 \nsp.ui.dialog.debug.js| sp.ui.dialog.debug.js| | 69292| 17-Aug-21| 08:19 \nsp.ui.dialog.js| sp.ui.dialog.js| | 40375| 17-Aug-21| 08:19 \nsp.ui.dialog.xml| sp.ui.dialog.xml| | 90| 17-Aug-21| 08:19 \nspdiscd.js| sp.ui.discussions.debug.js| | 136506| 17-Aug-21| 08:19 \nspdisc.js| sp.ui.discussions.js| | 82216| 17-Aug-21| 08:19 \nsp.ui.discussions.xml| sp.ui.discussions.xml| | 94| 17-Aug-21| 08:19 \nspimgcd.js| sp.ui.imagecrop.debug.js| | 27973| 17-Aug-21| 08:19 \nspimgc.js| sp.ui.imagecrop.js| | 27973| 17-Aug-21| 08:19 \nspui_rid.js| sp.ui.relateditems.debug.js| | 28006| 17-Aug-21| 08:19 \nspui_ri.js| sp.ui.relateditems.js| | 17626| 17-Aug-21| 08:19 \nsp.ui.ri.xml| sp.ui.relateditems.xml| | 114| 17-Aug-21| 08:19 \nsp.ui.rte.debug.js| sp.ui.rte.debug.js| | 1012976| 17-Aug-21| 08:19 \nsp.ui.rte.js| sp.ui.rte.js| | 584834| 17-Aug-21| 08:19 \nsp.ui.rte.xml| sp.ui.rte.xml| | 74| 17-Aug-21| 08:19 \nsp.ui.tileview.debug.js| sp.ui.tileview.debug.js| | 65203| 17-Aug-21| 08:19 \nsp.ui.tileview.js| sp.ui.tileview.js| | 40240| 17-Aug-21| 08:19 \nsp.ui.tileview.xml| sp.ui.tileview.xml| | 129| 17-Aug-21| 08:19 \nspui_tld.js| sp.ui.timeline.debug.js| | 434522| 17-Aug-21| 08:19 \nspui_tl.js| sp.ui.timeline.js| | 240067| 17-Aug-21| 08:19 \nspstl.xml| sp.ui.timeline.xml| | 111| 17-Aug-21| 08:19 \nsp.xml| sp.xml| | 106| 17-Aug-21| 08:19 \nspgantt.debug.js| spgantt.debug.js| | 183484| 17-Aug-21| 08:19 \nspgantt.js| spgantt.js| | 66168| 17-Aug-21| 08:19 \nspgantt.xml| spgantt.xml| | 159| 17-Aug-21| 08:19 \nspgridview.debug.js| spgridview.debug.js| | 7321| 17-Aug-21| 08:19 \nspgridvw.js| spgridview.js| | 4593| 17-Aug-21| 08:19 \nspgridview.xml| spgridview.xml| | 92| 17-Aug-21| 08:19 \nstart.debug.js| start.debug.js| | 174744| 17-Aug-21| 08:19 \nstart.js| start.js| | 95780| 17-Aug-21| 08:19 \nstrings.xml| strings.xml| | 140| 17-Aug-21| 08:19 \nsuitelinks.debug.js| suitelinks.debug.js| | 32558| 17-Aug-21| 08:19 \nsuitelnk.js| suitelinks.js| | 13795| 17-Aug-21| 08:19 \nsuitelinks.xml| suitelinks.xml| | 134| 17-Aug-21| 08:19 \nsuitenav.js| suitenav.js| | 34319| 17-Aug-21| 08:19 \ntimecard.debug.js| timecard.debug.js| | 36906| 17-Aug-21| 08:19 \ntimecard.js| timecard.js| | 20888| 17-Aug-21| 08:19 \nwpadder.debug.js| wpadder.debug.js| | 49576| 17-Aug-21| 08:19 \nwpadder.js| wpadder.js| | 31031| 17-Aug-21| 08:19 \nwpcm.debug.js| wpcm.debug.js| | 6894| 17-Aug-21| 08:19 \nwpcm.js| wpcm.js| | 3509| 17-Aug-21| 08:19 \nmain.xsl| main.xsl| | 5791| 17-Aug-21| 08:19 \nallitems.asx_0086| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0071| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0071| editform.aspx| | 4167| 17-Aug-21| 08:19 \nmyitems.asx_0008| myitems.aspx| | 2718| 17-Aug-21| 08:19 \nnewform.asx_0055| newform.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_0012| schema.xml| | 253482| 17-Aug-21| 08:19 \nallitems.asx_0089| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0083| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0083| editform.aspx| | 4167| 17-Aug-21| 08:19 \nmyitems.asx_0009| myitems.aspx| | 2718| 17-Aug-21| 08:19 \nnewform.asx_0062| newform.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_0027| schema.xml| | 245825| 17-Aug-21| 08:19 \nmtgredir.asx_0001| mtgredir.aspx| | 1436| 17-Aug-21| 08:19 \nnewmws.asx| newmws.aspx| | 18858| 17-Aug-21| 08:19 \nmovetodt.asx| movetodt.aspx| | 3075| 17-Aug-21| 08:19 \nschema.xml_0079| schema.xml| | 79705| 17-Aug-21| 08:19 \nallitems.asx_0088| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0082| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0082| editform.aspx| | 4167| 17-Aug-21| 08:19 \nnewform.asx_0061| newform.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_0026| schema.xml| | 127795| 17-Aug-21| 08:19 \nallitems.asx_0087| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0072| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0072| editform.aspx| | 4167| 17-Aug-21| 08:19 \nmanagea.asx| managea.aspx| | 2718| 17-Aug-21| 08:19 \nnewform.asx_0056| newform.aspx| | 5954| 17-Aug-21| 08:19 \nschema.xml_0021| schema.xml| | 255145| 17-Aug-21| 08:19 \ndefault.aspx_mps| default.aspx| | 4102| 17-Aug-21| 08:19 \nspstd1.asx_0004| spstd1.aspx| | 4134| 17-Aug-21| 08:19 \nallitems.asx_0032| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0038| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0040| editform.aspx| | 4167| 17-Aug-21| 08:19 \nnewform.asx_0021| newform.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_0039| schema.xml| | 42852| 17-Aug-21| 08:19 \nallitems.asx_0090| allitems.aspx| | 2463| 17-Aug-21| 08:19 \ndispform.asx_0084| dispform.aspx| | 4190| 17-Aug-21| 08:19 \neditform.asx_0084| editform.aspx| | 4167| 17-Aug-21| 08:19 \nmyitems.asx_0001| myitems.aspx| | 2718| 17-Aug-21| 08:19 \nnewform.asx_0063| newform.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_0028| schema.xml| | 245557| 17-Aug-21| 08:19 \nschema.xml_0033| schema.xml| | 51432| 17-Aug-21| 08:19 \nonet.xml_mps| onet.xml| | 20985| 17-Aug-21| 08:19 \nnotif.clbk.typ.xml| notificationcallbacktypes.xml| | 1267| 17-Aug-21| 08:19 \nform.asp_pages_form| form.aspx| | 4065| 17-Aug-21| 08:19 \nview.asp_pages_viewpage| viewpage.aspx| | 2718| 17-Aug-21| 08:19 \nview.asp_pages_webfldr| webfldr.aspx| | 2521| 17-Aug-21| 08:19 \nresxscriptx.xsd| resxscriptx.xsd| | 1229| 17-Aug-21| 08:19 \nsvrfiles.xml| serverfiles.xml| | 213| 17-Aug-21| 08:19 \nshrulee.xsd| sitehealthruleregistrationerror.xsd| | 1909| 17-Aug-21| 08:19 \nshrulew.xsd| sitehealthruleregistrationwarning.xsd| | 1911| 17-Aug-21| 08:19 \nsitehcwss.xml| sitehealthwssrules.xml| | 1010| 17-Aug-21| 08:19 \nsitehcwss.xml_14| sitehealthwssrules.xml| | 1010| 17-Aug-21| 08:19 \nspkvp.xsd| spkeyvaluepairs.xsd| | 1727| 17-Aug-21| 08:19 \nspmtlprm.xsd| spmetalparameters.xsd| | 3857| 17-Aug-21| 08:19 \nappmng.sql| appmng.sql| | 289219| 17-Aug-21| 08:19 \nappmngup.sql| appmngup.sql| | 282966| 17-Aug-21| 08:19 \nbdc.sql| bdc.sql| | 558446| 17-Aug-21| 08:19 \nconfigdb.sql| configdb.sql| | 189484| 17-Aug-21| 08:19 \nconfigup.sql| configup.sql| | 48486| 17-Aug-21| 08:19 \ncfgupddl.sql| configupddl.sql| | 131| 17-Aug-21| 08:19 \nusgdiag.sql| diagnostics.sql| | 19977| 17-Aug-21| 08:19 \nsigcfg.cer| sigconfigdb.cer| | 689| 17-Aug-21| 08:19 \nsigcfg.dll| sigconfigdb.dll| | 8832| 17-Aug-21| 08:19 \nsigstore.cer| sigstore.cer| | 689| 17-Aug-21| 08:19 \nsigstore.dll| sigstore.dll| | 8816| 17-Aug-21| 08:19 \nstore.sql| store.sql| | 6504340| 17-Aug-21| 08:19 \nstoreup.sql| storeup.sql| | 512275| 17-Aug-21| 08:19 \nstoupddl.sql| storeupddl.sql| | 131| 17-Aug-21| 08:19 \nsubscr.sql| subscriptionsettings.sql| | 33788| 17-Aug-21| 08:19 \nusagedb.sql| usagedb.sql| | 81583| 17-Aug-21| 08:19 \nusgdbup.sql| usgdbup.sql| | 81392| 17-Aug-21| 08:19 \naddbact.asx| addbdcaction.aspx| | 13019| 17-Aug-21| 08:19 \naddbapp.asx| addbdcapplication.aspx| | 9266| 17-Aug-21| 08:19 \naddiurl.asx| addincomingurl.aspx| | 4473| 17-Aug-21| 08:19 \nadmin.smp| admin.sitemap| | 15577| 17-Aug-21| 08:19 \nadmcfgc.asx| adminconfigceip.aspx| | 7764| 17-Aug-21| 08:19 \nadmcfgi.asx| adminconfigintro.aspx| | 8689| 17-Aug-21| 08:19 \nadmcfgr.asx| adminconfigresults.aspx| | 5038| 17-Aug-21| 08:19 \nadmcfgs.asx| adminconfigservices.aspx| | 9937| 17-Aug-21| 08:19 \nadmcfgsr.asx| adminconfigservicesresults.aspx| | 4998| 17-Aug-21| 08:19 \nadminweb.cfg| adminweb.config| | 899| 17-Aug-21| 08:19 \nallappprincipals.asx| allappprincipals.aspx| | 6808| 17-Aug-21| 08:19 \nalturls.asx| alternateurlcollections.aspx| | 7122| 17-Aug-21| 08:19 \nappassoc.asx| applicationassociations.aspx| | 5259| 17-Aug-21| 08:19 \nappasdlg.asx| applicationassociationsdialog.aspx| | 3519| 17-Aug-21| 08:19 \nappcreat.asx| applicationcreated.aspx| | 4106| 17-Aug-21| 08:19 \nauthen.asx| authentication.aspx| | 13828| 17-Aug-21| 08:19 \nauthprov.asx| authenticationproviders.aspx| | 4939| 17-Aug-21| 08:19 \navadmin.asx| avadmin.aspx| | 9653| 17-Aug-21| 08:19 \nbackup.asx| backup.aspx| | 15389| 17-Aug-21| 08:19 \nbackhis.asx| backuphistory.aspx| | 20577| 17-Aug-21| 08:19 \nbackset.asx| backupsettings.aspx| | 8689| 17-Aug-21| 08:19 \nbackupst.asx| backupstatus.aspx| | 10643| 17-Aug-21| 08:19 \nbdcapps.asx| bdcapplications.aspx| | 14415| 17-Aug-21| 08:19 \nbdclobs.asx| bdclobsettings.aspx| | 7037| 17-Aug-21| 08:19 \nblkftyp.asx| blockedfiletype.aspx| | 4045| 17-Aug-21| 08:19 \ncaaapplm.asx| ca_allapplicensesmanagement.aspx| | 8267| 17-Aug-21| 08:19 \ncasapplm.asx| ca_specificapplicensemanagement.aspx| | 29344| 17-Aug-21| 08:19 \ncntdbadm.asx| cntdbadm.aspx| | 6042| 17-Aug-21| 08:19 \nconfgssc.asx| configssc.aspx| | 22075| 17-Aug-21| 08:19 \nconfgapp.asx| configureappsettings.aspx| | 7246| 17-Aug-21| 08:19 \ncreatecorpcatalog.asx| createcorporatecatalog.aspx| | 18174| 17-Aug-21| 08:19 \ncreatexu.asx| createexternalurl.aspx| | 4182| 17-Aug-21| 08:19 \ncreatsit.asx| createsite.aspx| | 17064| 17-Aug-21| 08:19 \ndbstats.asx| databasestatus.aspx| | 5023| 17-Aug-21| 08:19 \ndeacfadm.asx| deactivatefeature.aspx| | 3184| 17-Aug-21| 08:19 \ndftcntdb.asx| defaultcontentdb.aspx| | 6455| 17-Aug-21| 08:19 \ndelstcfg.asx| deletesiteconfig.aspx| | 12279| 17-Aug-21| 08:19 \ndelapp.asx| deletewebapplication.aspx| | 6619| 17-Aug-21| 08:19 \ndelsite.asx| delsite.aspx| | 7267| 17-Aug-21| 08:19 \ndplysoln.asx| deploysolution.aspx| | 10122| 17-Aug-21| 08:19 \ndmscmd.aspx| dmscmd.aspx| | 5593| 17-Aug-21| 08:19 \ndtcusta.asx| doctrancustomizeadmin.aspx| | 7789| 17-Aug-21| 08:19 \ndoctrana.asx| doctransadmin.aspx| | 7797| 17-Aug-21| 08:19 \ndspset.asx| dspsettings.aspx| | 14863| 17-Aug-21| 08:19 \neditacct.asx| editaccount.aspx| | 18305| 17-Aug-21| 08:19 \neditbact.asx| editbdcaction.aspx| | 12661| 17-Aug-21| 08:19 \neditiurl.asx| editincomingurl.aspx| | 4683| 17-Aug-21| 08:19 \neditourl.asx| editoutboundurls.aspx| | 7203| 17-Aug-21| 08:19 \nexpbapp.asx| exportbdcapplication.aspx| | 8043| 17-Aug-21| 08:19 \nextendvs.asx| extendvs.aspx| | 7113| 17-Aug-21| 08:19 \nextvsopt.asx| extendvsoption.aspx| | 5077| 17-Aug-21| 08:19 \nextwebfm.asx| extendwebfarm.aspx| | 5418| 17-Aug-21| 08:19 \nfarmjoin.asx| farmconfigjoinintro.aspx| | 8354| 17-Aug-21| 08:19 \nfarmcred.asx| farmcredentialmanagement.aspx| | 7541| 17-Aug-21| 08:19 \nfarmsvrs.asx| farmservers.aspx| | 4910| 17-Aug-21| 08:19 \ngemlcnfg.asx| globalemailconfig.aspx| | 8560| 17-Aug-21| 08:19 \ngmobcnfg.asx| globalxmsconfig.aspx| | 8407| 17-Aug-21| 08:19 \nhealrepo.asx| healthreport.aspx| | 6265| 17-Aug-21| 08:19 \nhtadmin.asx| htmltransadmin.aspx| | 10141| 17-Aug-21| 08:19 \nincemail.asx| incomingemail.aspx| | 22300| 17-Aug-21| 08:19 \nirmadmin.asx| irmadmin.aspx| | 8837| 17-Aug-21| 08:19 \njobedit.asx| jobedit.aspx| | 8303| 17-Aug-21| 08:19 \nlogusage.asx| logusage.aspx| | 14424| 17-Aug-21| 08:19 \nlropsta.asx| lroperationstatus.aspx| | 4915| 17-Aug-21| 08:19 \nmgbdcper.asx| managebdcpermissions.aspx| | 5485| 17-Aug-21| 08:19 \nmgbdcapp.asx| managebdcserviceapp.aspx| | 6684| 17-Aug-21| 08:19 \nmgappinf.asx| managebdcserviceappstateinfo.aspx| | 4613| 17-Aug-21| 08:19 \nmngcorpcatalog.asx| managecorporatecatalog.aspx| | 9289| 17-Aug-21| 08:19 \nmngaccts.asx| managedaccounts.aspx| | 5952| 17-Aug-21| 08:19 \nmngffeat.asx| managefarmfeatures.aspx| | 3273| 17-Aug-21| 08:19 \nmktplset.asx| managemarketplacesettings.aspx| | 7972| 17-Aug-21| 08:19 \nmngqtmpl.asx| managequotatemplate.aspx| | 18002| 17-Aug-21| 08:19 \nmngsftru.asx| manageservicefarmtrust.aspx| | 4743| 17-Aug-21| 08:19 \nmngtrust.asx| managetrust.aspx| | 6911| 17-Aug-21| 08:19 \nmngwfeat.asx| managewebappfeatures.aspx| | 4334| 17-Aug-21| 08:19 \nmetrics.asx| metrics.aspx| | 15273| 17-Aug-21| 08:19 \nadmin.mas| admin.master| | 29828| 17-Aug-21| 08:19 \nappascvw.asc| applicationassociationsview.ascx| | 4379| 17-Aug-21| 08:19 \napppool.asc| applicationpoolsection.ascx| | 8668| 17-Aug-21| 08:19 \nbsqmopt.asc| browserceipsection.ascx| | 2776| 17-Aug-21| 08:19 \ncerstsec.asc| certificatesettingsection.ascx| | 10758| 17-Aug-21| 08:19 \ncntdbsec.asc| contentdatabasesection.ascx| | 7964| 17-Aug-21| 08:19 \nidprosec.asc| identityprovidersettingsection.ascx| | 16007| 17-Aug-21| 08:19 \niiswsapp.asc| iiswebserviceapplicationpoolsection.ascx| | 8772| 17-Aug-21| 08:19 \niiswbste.asc| iiswebsitesection.ascx| | 14966| 17-Aug-21| 08:19 \npopup.mas| popup.master| | 3088| 17-Aug-21| 08:19 \nproxysel.asx| proxyselectionsection.ascx| | 5393| 17-Aug-21| 08:19 \nregacctl.asc| registeraccountcontrol.ascx| | 10073| 17-Aug-21| 08:19 \nrunjobs.asc| runningtimerjobs.ascx| | 4696| 17-Aug-21| 08:19 \nschedjob.asc| scheduledtimerjobs.ascx| | 3583| 17-Aug-21| 08:19 \ntjobhist.asc| timerjobhistory.ascx| | 5114| 17-Aug-21| 08:19 \ntopology.asc| topologyview.ascx| | 4091| 17-Aug-21| 08:19 \ntstgesec.asc| trustgeneralsettingsection.ascx| | 3656| 17-Aug-21| 08:19 \nnewappmngsvcapp.asx| newappmngserviceapp.aspx| | 6664| 17-Aug-21| 08:19 \nnewcntdb.asx| newcntdb.aspx| | 7208| 17-Aug-21| 08:19 \nofadmin.asx| officialfileadmin.aspx| | 13569| 17-Aug-21| 08:19 \noldcntdb.asx| oldcntdb.aspx| | 13658| 17-Aug-21| 08:19 \nowners.asx| owners.aspx| | 5602| 17-Aug-21| 08:19 \npwdset.asx| passwordsettings.aspx| | 8443| 17-Aug-21| 08:19 \npatchstt.asx| patchstatus.aspx| | 7285| 17-Aug-21| 08:19 \npolc.asx| policy.aspx| | 14387| 17-Aug-21| 08:19 \npolcanon.asx| policyanon.aspx| | 7109| 17-Aug-21| 08:19 \npolcrl.asx| policyrole.aspx| | 116092| 17-Aug-21| 08:19 \npolcrle.asx| policyroleedit.aspx| | 116100| 17-Aug-21| 08:19 \npolcrls.asx| policyroles.aspx| | 10688| 17-Aug-21| 08:19 \npolcusr.asx| policyuser.aspx| | 10142| 17-Aug-21| 08:19 \npolcusre.asx| policyuseredit.aspx| | 12411| 17-Aug-21| 08:19 \nprivacy.asx| privacy.aspx| | 8269| 17-Aug-21| 08:19 \nmicrosoft.cobaltcore.dll| microsoft.cobaltcore.dll| 15.0.4991.1000| 1211112| 17-Aug-21| 08:18 \ncsisrv.dll| csisrv.dll| 15.0.5233.1000| 1410656| 17-Aug-21| 08:19 \ncsisrvexe.exe| csisrvexe.exe| 15.0.5233.1000| 203664| 17-Aug-21| 08:19 \nonfda.dll| onfda.dll| 15.0.5233.1000| 2151312| 17-Aug-21| 08:19 \njsapiextensibilitymanager.debug.js| jsapiextensibilitymanager.debug.js| | 20163| 17-Aug-21| 08:19 \nganttsharepointapishim.generated.debug.js| ganttapishim.generated.debug.js| | 6812| 17-Aug-21| 08:19 \nganttsharedapi.generated.debug.js| ganttsharedapi.generated.debug.js| | 4617| 17-Aug-21| 08:19 \ntimelinesharepointapishim.generated.debug.js| timelineapishim.generated.debug.js| | 1842| 17-Aug-21| 08:19 \ntimelinesharedapi.generated.debug.js| timelinesharedapi.generated.debug.js| | 3420| 17-Aug-21| 08:19 \nmsoidclil.dll| msoidclil.dll| 7.250.4556.0| 1446248| 17-Aug-21| 08:18 \nmsoidclil.dll.x64| msoidclil.dll| 7.250.4556.0| 1446248| 17-Aug-21| 08:18 \nmsoidres.dll| msoidres.dll| 7.250.4556.0| 830864| 17-Aug-21| 08:18 \nmsoidres.dll.x64| msoidres.dll| 7.250.4556.0| 830864| 17-Aug-21| 08:18 \nmsoidclil.dll| msoidclil.dll| 7.250.4556.0| 1220456| 17-Aug-21| 08:18 \nmsoidclil.dll.x86| msoidclil.dll| 7.250.4556.0| 1220456| 17-Aug-21| 08:18 \nmsoidres.dll| msoidres.dll| 7.250.4556.0| 830864| 17-Aug-21| 08:18 \nmsoidres.dll.x86| msoidres.dll| 7.250.4556.0| 830864| 17-Aug-21| 08:18 \ncompat.bro| compat.browser| | 14781| 17-Aug-21| 08:19 \nmicrosoft.naturallanguage.keywordextraction.resources.en.dll| microsoft.naturallanguage.keywordextraction.resources.dll| 15.0.5363.1000| 2745760| 17-Aug-21| 08:18 \ndevdash15.png| devdash15.png| | 699| 18-Aug-21| 08:24 \ndevsitegettingstarted.png| devsitegettingstarted.png| | 4798| 18-Aug-21| 08:24 \ngettingstarted.png| gettingstarted.png| | 4260| 18-Aug-21| 08:24 \ngettingstartedwithappcatalogsite.png| gettingstartedwithappcatalogsite.png| | 1518| 18-Aug-21| 08:24 \nspcommon.png| spcommon.png| | 19434| 18-Aug-21| 08:24 \nspimn.png| spimn.png| | 4248| 18-Aug-21| 08:24 \nspnav.png| spnav.png| | 651| 18-Aug-21| 08:24 \nsproaming.png| sproaming.png| | 8717| 18-Aug-21| 08:24 \nspstorefront.png| spstorefront.png| | 4785| 18-Aug-21| 08:24 \nspstorefrontbkg.png| spstorefrontbkg.png| | 239| 18-Aug-21| 08:24 \nacatrb16.png| stsappcatalogribbon16x16.png| | 475| 18-Aug-21| 08:24 \nacatrb32.png| stsappcatalogribbon32x32.png| | 790| 18-Aug-21| 08:24 \nattach16.png| attach16.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1025| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1026| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1027| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1028| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1029| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1030| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1031| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1032| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1033| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1035| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1036| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1037| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1038| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1040| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1041| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1042| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1043| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1044| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1045| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1046| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1048| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1049| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1050| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1051| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1053| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1054| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1055| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1057| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1058| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1060| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1061| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1062| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1063| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1066| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1069| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1071| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1081| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1086| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1087| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1106| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_1110| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_2052| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_2070| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_2074| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_2108| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_3082| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.112_16_n.png_3098| 112_16_n.16x16x32.png| | 261| 18-Aug-21| 08:24 \nmb_taskhome.png| mb_taskhome.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1025| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1026| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1027| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1028| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1029| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1030| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1031| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1032| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1033| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1035| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1036| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1037| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1038| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1040| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1041| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1042| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1043| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1044| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1045| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1046| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1048| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1049| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1050| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1051| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1053| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1054| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1055| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1057| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1058| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1060| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1061| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1062| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1063| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1066| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1069| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1071| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1081| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1086| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1087| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1106| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_1110| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_2052| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_2070| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_2074| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_2108| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_3082| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nwac.livebooks.notetags.intl.23_16_n.png_3098| 23_16_n.16x16x32.png| | 266| 18-Aug-21| 08:24 \nsz256_icaccdb.png| 256_icaccdb.png| | 3163| 18-Aug-21| 08:24 \nsz256_icdocm.png| 256_icdocm.png| | 4691| 18-Aug-21| 08:24 \nsz256_icdocx.png| 256_icdocx.png| | 3496| 18-Aug-21| 08:24 \nsz256_icdotm.png| 256_icdotm.png| | 4571| 18-Aug-21| 08:24 \nsz256_icdotx.png| 256_icdotx.png| | 3286| 18-Aug-21| 08:24 \nsz256_icmpd.png| 256_icmpd.png| | 2843| 18-Aug-21| 08:24 \nsz256_icmpp.png| 256_icmpp.png| | 2920| 18-Aug-21| 08:24 \nsz256_icmpt.png| 256_icmpt.png| | 2840| 18-Aug-21| 08:24 \nsz256_icnotebk.png| 256_icnotebk.png| | 2801| 18-Aug-21| 08:24 \nsz256_icodp.png| 256_icodp.png| | 4326| 18-Aug-21| 08:24 \nsz256_icods.png| 256_icods.png| | 4778| 18-Aug-21| 08:24 \nsz256_icodt.png| 256_icodt.png| | 4894| 18-Aug-21| 08:24 \nsz256_icone.png| 256_icone.png| | 2553| 18-Aug-21| 08:24 \nsz256_iconp.png| 256_iconp.png| | 2601| 18-Aug-21| 08:24 \nsz256_icont.png| 256_icont.png| | 2801| 18-Aug-21| 08:24 \nsz256_icpotm.png| 256_icpotm.png| | 4812| 18-Aug-21| 08:24 \nsz256_icpotx.png| 256_icpotx.png| | 3571| 18-Aug-21| 08:24 \nsz256_icpps.png| 256_icpps.png| | 4436| 18-Aug-21| 08:24 \nsz256_icppsm.png| 256_icppsm.png| | 5074| 18-Aug-21| 08:24 \nsz256_icppsx.png| 256_icppsx.png| | 3888| 18-Aug-21| 08:24 \nsz256_icpptm.png| 256_icpptm.png| | 4916| 18-Aug-21| 08:24 \nsz256_icpptx.png| 256_icpptx.png| | 3721| 18-Aug-21| 08:24 \nsz256_icpub.png| 256_icpub.png| | 2844| 18-Aug-21| 08:24 \nsz256_icvdx.png| 256_icvdx.png| | 4317| 18-Aug-21| 08:24 \nsz256_icvsx.png| 256_icvsx.png| | 2932| 18-Aug-21| 08:24 \nsz256_icvtx.png| 256_icvtx.png| | 4256| 18-Aug-21| 08:24 \nsz256_icxlsb.png| 256_icxlsb.png| | 3236| 18-Aug-21| 08:24 \nsz256_icxlsm.png| 256_icxlsm.png| | 4694| 18-Aug-21| 08:24 \nsz256_icxltm.png| 256_icxltm.png| | 4561| 18-Aug-21| 08:24 \nsz256_icxltx.png| 256_icxltx.png| | 3227| 18-Aug-21| 08:24 \nsz256_icxsn.png| 256_icxsn.png| | 2466| 18-Aug-21| 08:24 \naddhero.20x20x32.png| addhero.20x20x32.png| | 437| 18-Aug-21| 08:24 \naddimagecamera.11x11x32.png| addimagecamera.11x11x32.png| | 236| 18-Aug-21| 08:24 \naddimagecamera.16x16x32.png| addimagecamera.16x16x32.png| | 289| 18-Aug-21| 08:24 \naddlink.11x11x32.png| addlink.11x11x32.png| | 210| 18-Aug-21| 08:24 \naddlink.16x16x32.png| addlink.16x16x32.png| | 267| 18-Aug-21| 08:24 \naddr_getmap.16x16x32.png| addr_getmap.16x16x32.png| | 603| 18-Aug-21| 08:24 \naddrbook.png| addressbook.png| | 235| 18-Aug-21| 08:24 \naddtasktotimeline.png| addtasktotimeline.png| | 236| 18-Aug-21| 08:24 \npwa.images.addtasktotimeline.png| addtasktotimeline.png| | 236| 18-Aug-21| 08:24 \nannouncements.11x11x32.png| announcements.11x11x32.png| | 320| 18-Aug-21| 08:24 \naskmeaboutupdated.11x11x32.png| askmeaboutupdated.11x11x32.png| | 199| 18-Aug-21| 08:24 \nattractmodefollowstar.128x128x32.png| attractmodefollowstar.128x128x32.png| | 1398| 18-Aug-21| 08:24 \naudiopreview.png| audiopreview.png| | 13196| 18-Aug-21| 08:24 \nbirthday.11x11x32.png| birthday.11x11x32.png| | 156| 18-Aug-21| 08:24 \nblogabout96.png| blogabout96.png| | 1390| 18-Aug-21| 08:24 \ncancelglyph.16x16x32.png| cancelglyph.16x16x32.png| | 183| 18-Aug-21| 08:24 \ncentraladmin_apps.48x48x32.png| centraladmin_apps.48x48x32.png| | 585| 18-Aug-21| 08:24 \ncentraladmin_apps_appmanagement.32x32x32.png| centraladmin_apps_appmanagement.32x32x32.png| | 721| 18-Aug-21| 08:24 \ncentraladmin_apps_marketplace.32x32x32.png| centraladmin_apps_marketplace.32x32x32.png| | 515| 18-Aug-21| 08:24 \ncentraladmin_office365.32x32x24.png| centraladmin_office365.32x32x24.png| | 395| 18-Aug-21| 08:24 \ncentraladmin_office365.48x48x24.png| centraladmin_office365.48x48x24.png| | 546| 18-Aug-21| 08:24 \nchecknames.png| checknames.png| | 379| 18-Aug-21| 08:24 \ncoauth_placeholderneedrefresh.16x16x32.png| coauth_placeholderneedrefresh.16x16x32.png| | 283| 18-Aug-21| 08:24 \ncoauth_placeholderneedrefresh.24x24x32.png| coauth_placeholderneedrefresh.24x24x32.png| | 378| 18-Aug-21| 08:24 \ncommentcollapse12.png| commentcollapse12.png| | 164| 18-Aug-21| 08:24 \ncommentcollapse12rtl.png| commentcollapse12rtl.png| | 166| 18-Aug-21| 08:24 \ncommentexpand12.png| commentexpand12.png| | 238| 18-Aug-21| 08:24 \ncommentexpand12rtl.png| commentexpand12rtl.png| | 222| 18-Aug-21| 08:24 \ndeletefilterglyph.png| deletefilterglyph.png| | 352| 18-Aug-21| 08:24 \ndisableddeletefilterglyph.png| disableddeletefilterglyph.png| | 352| 18-Aug-21| 08:24 \ndwnarsml.png| downarrowsmall.11x7x32.png| | 272| 18-Aug-21| 08:24 \necbtn.png| ecbbutton.png| | 132| 18-Aug-21| 08:24 \necbtnr.png| ecbbuttonrtl.png| | 118| 18-Aug-21| 08:24 \nellipsis.11x11x32.png| ellipsis.11x11x32.png| | 140| 18-Aug-21| 08:24 \nellipsis.16x16x32.png| ellipsis.16x16x32.png| | 161| 18-Aug-21| 08:24 \nerrorbck.png| errorbck.png| | 318| 18-Aug-21| 08:24 \nexit.png| exit.png| | 249| 18-Aug-21| 08:24 \nexit.png_14| exit.png| | 249| 18-Aug-21| 08:24 \nfirstrundocmove48.png| firstrundocmove48.png| | 834| 18-Aug-21| 08:24 \nfirstrunfoldersync48.png| firstrunfoldersync48.png| | 816| 18-Aug-21| 08:24 \nfirstrunfollow48.png| firstrunfollow48.png| | 1262| 18-Aug-21| 08:24 \nfirstrunmobile48.png| firstrunmobile48.png| | 530| 18-Aug-21| 08:24 \nfirstrunprivacyemail48.png| firstrunprivacyemail48.png| | 1070| 18-Aug-21| 08:24 \nfirstrunprivacysettings48.png| firstrunprivacysettings48.png| | 1117| 18-Aug-21| 08:24 \nfirstrunupdateprofile48.png| firstrunupdateprofile48.png| | 617| 18-Aug-21| 08:24 \nmb_folder.png| mb_folder.png| | 323| 18-Aug-21| 08:24 \nfolder.gif_0001| folder.gif| | 73| 18-Aug-21| 08:24 \nhelpbullet.5x15x32.png| helpbullet.5x15x32.png| | 99| 18-Aug-21| 08:24 \nhelpscrolldown.15x15x32.png| helpscrolldown.15x15x32.png| | 109| 18-Aug-21| 08:24 \nhelpscrollleft.15x15x32.png| helpscrollleft.15x15x32.png| | 107| 18-Aug-21| 08:24 \nhelpscrollright.15x15x32.png| helpscrollright.15x15x32.png| | 108| 18-Aug-21| 08:24 \nhelpscrollup.15x15x32.png| helpscrollup.15x15x32.png| | 108| 18-Aug-21| 08:24 \nicaccdb.png| icaccdb.png| | 1376| 18-Aug-21| 08:24 \nicaccde.png| icaccde.png| | 1376| 18-Aug-21| 08:24 \nicdoc.png| icdoc.png| | 1375| 18-Aug-21| 08:24 \nicdocm.png| icdocm.png| | 1474| 18-Aug-21| 08:24 \nicdocx.png| icdocx.png| | 1398| 18-Aug-21| 08:24 \nicdot.png| icdot.png| | 1329| 18-Aug-21| 08:24 \nicdotm.png| icdotm.png| | 1414| 18-Aug-21| 08:24 \nicdotx.png| icdotx.png| | 1360| 18-Aug-21| 08:24 \nicgen.gif| icgen.gif| | 90| 18-Aug-21| 08:24 \nicmpd.png| icmpd.png| | 1394| 18-Aug-21| 08:24 \nicmpp.png| icmpp.png| | 1387| 18-Aug-21| 08:24 \nicmpt.png| icmpt.png| | 1356| 18-Aug-21| 08:24 \nicnotebk.png| icnotebk.png| | 1332| 18-Aug-21| 08:24 \nicodp.png| icodp.png| | 1535| 18-Aug-21| 08:24 \nicods.png| icods.png| | 1603| 18-Aug-21| 08:24 \nicodt.png| icodt.png| | 1545| 18-Aug-21| 08:24 \nicone.png| icone.png| | 1339| 18-Aug-21| 08:24 \niconp.png| iconp.png| | 1382| 18-Aug-21| 08:24 \nicont.png| icont.png| | 1332| 18-Aug-21| 08:24 \nicpdf.png| icpdf.png| | 236| 18-Aug-21| 08:24 \nicpot.png| icpot.png| | 1343| 18-Aug-21| 08:24 \nicpotm.png| icpotm.png| | 1441| 18-Aug-21| 08:24 \nicpotx.png| icpotx.png| | 1373| 18-Aug-21| 08:24 \nicppa.png| icppa.png| | 1278| 18-Aug-21| 08:24 \nicppam.png| icppam.png| | 1309| 18-Aug-21| 08:24 \nicpps.png| icpps.png| | 1394| 18-Aug-21| 08:24 \nicppsm.png| icppsm.png| | 1425| 18-Aug-21| 08:24 \nicppsx.png| icppsx.png| | 1335| 18-Aug-21| 08:24 \nicppt.png| icppt.png| | 1395| 18-Aug-21| 08:24 \nicpptm.png| icpptm.png| | 1464| 18-Aug-21| 08:24 \nicpptx.png| icpptx.png| | 1413| 18-Aug-21| 08:24 \nicpub.png| icpub.png| | 1395| 18-Aug-21| 08:24 \nicspdgeneric.png| icspdgeneric.png| | 1430| 18-Aug-21| 08:24 \nicvdx.png| icvdx.png| | 1407| 18-Aug-21| 08:24 \nicvisiogeneric.png| icvisiogeneric.png| | 1407| 18-Aug-21| 08:24 \nicvsx.png| icvsx.png| | 1321| 18-Aug-21| 08:24 \nicvtx.png| icvtx.png| | 1376| 18-Aug-21| 08:24 \nicxla.png| icxla.png| | 1362| 18-Aug-21| 08:24 \nicxlam.png| icxlam.png| | 1373| 18-Aug-21| 08:24 \nicxls.png| icxls.png| | 1460| 18-Aug-21| 08:24 \nicxlsb.png| icxlsb.png| | 1430| 18-Aug-21| 08:24 \nicxlsm.png| icxlsm.png| | 1535| 18-Aug-21| 08:24 \nicxlsx.png| icxlsx.png| | 1474| 18-Aug-21| 08:24 \nicxlt.png| icxlt.png| | 1428| 18-Aug-21| 08:24 \nicxltm.png| icxltm.png| | 1470| 18-Aug-21| 08:24 \nicxltx.png| icxltx.png| | 1409| 18-Aug-21| 08:24 \nicxsn.png| icxsn.png| | 1326| 18-Aug-21| 08:24 \nmb_picture.png| mb_picture.png| | 469| 18-Aug-21| 08:24 \nitagnda.png| itagnda.png| | 220| 18-Aug-21| 08:24 \nitann.png| itann.png| | 392| 18-Aug-21| 08:24 \nitappcat.png| itappcatalog.png| | 265| 18-Aug-21| 08:24 \nitappreq.png| itapprequests.png| | 294| 18-Aug-21| 08:24 \nitcat.gif| itcat.gif| | 115| 18-Aug-21| 08:24 \nitcommcat.png| itcommcat.png| | 271| 18-Aug-21| 08:24 \nitcommem.png| itcommem.png| | 280| 18-Aug-21| 08:24 \nitcommnt.gif| itcommnt.gif| | 189| 18-Aug-21| 08:24 \nitcontct.gif| itcontct.gif| | 208| 18-Aug-21| 08:24 \nitcontct.png| itcontct.png| | 280| 18-Aug-21| 08:24 \nitdatash.png| itdatash.png| | 165| 18-Aug-21| 08:24 \nitdecis.png| itdecis.png| | 300| 18-Aug-21| 08:24 \nitdisc.png| itdisc.png| | 298| 18-Aug-21| 08:24 \nitdl.png| itdl.png| | 277| 18-Aug-21| 08:24 \nitebl.png| itebl.png| | 224| 18-Aug-21| 08:24 \nitevent.png| itevent.png| | 223| 18-Aug-21| 08:24 \nitfl.png| itfl.png| | 177| 18-Aug-21| 08:24 \nitgbcall.gif| itgbcall.gif| | 308| 18-Aug-21| 08:24 \nitgbfaci.gif| itgbfaci.gif| | 127| 18-Aug-21| 08:24 \nitgbwher.gif| itgbwher.gif| | 222| 18-Aug-21| 08:24 \nitgen.png| itgen.png| | 165| 18-Aug-21| 08:24 \nitil.png| itil.png| | 292| 18-Aug-21| 08:24 \nitime.png| itime.png| | 177| 18-Aug-21| 08:24 \nitiss.png| itiss.png| | 345| 18-Aug-21| 08:24 \nitissue.png| itissue.png| | 343| 18-Aug-21| 08:24 \nlg_vsl.gif| lg_icvsl.gif| | 482| 17-Aug-21| 12:26 \nlg_vss.gif| lg_icvss.gif| | 468| 17-Aug-21| 12:26 \nlg_vst.gif| lg_icvst.gif| | 502| 17-Aug-21| 12:26 \nlg_vstx.gif| lg_icvstx.gif| | 502| 17-Aug-21| 12:26 \nlg_vsx.gif| lg_icvsx.gif| | 468| 17-Aug-21| 12:26 \nlg_vtx.gif| lg_icvtx.gif| | 502| 17-Aug-21| 12:26 \nlg_xddo.gif| lg_icxddoc.gif| | 337| 17-Aug-21| 12:26 \nlg_xsn.gif| lg_icxsn.gif| | 323| 17-Aug-21| 12:26 \nopenfold.gif| openfold.gif| | 142| 17-Aug-21| 12:26 \nituser.gif| ituser.gif| | 1595| 17-Aug-21| 08:20 \nblueprintmtpro.eot| blueprintmtpro.eot| | 24734| 17-Aug-21| 12:26 \nblueprintmtpro.svg| blueprintmtpro.svg| | 105256| 17-Aug-21| 12:26 \nblueprintmtpro.ttf| blueprintmtpro.ttf| | 49468| 17-Aug-21| 12:26 \nblueprintmtpro.woff| blueprintmtpro.woff| | 31724| 17-Aug-21| 12:26 \nblueprintmtprolarge.png| blueprintmtprolarge.png| | 1563| 17-Aug-21| 12:26 \nblueprintmtprosmall.png| blueprintmtprosmall.png| | 1326| 17-Aug-21| 12:26 \ncalibri.eot| calibri.eot| | 167788| 17-Aug-21| 12:26 \ncalibri.svg| calibri.svg| | 365292| 17-Aug-21| 12:26 \ncalibri.ttf| calibri.ttf| | 350124| 17-Aug-21| 12:26 \ncalibri.woff| calibri.woff| | 184156| 17-Aug-21| 12:26 \ncalibrilarge.png| calibrilarge.png| | 1318| 17-Aug-21| 12:26 \ncalibrismall.png| calibrismall.png| | 1170| 17-Aug-21| 12:26 \ncenturygothic.eot| centurygothic.eot| | 60600| 17-Aug-21| 12:26 \ncenturygothic.svg| centurygothic.svg| | 165961| 17-Aug-21| 12:26 \ncenturygothic.ttf| centurygothic.ttf| | 124584| 17-Aug-21| 12:26 \ncenturygothic.woff| centurygothic.woff| | 79732| 17-Aug-21| 12:26 \ncenturygothiclarge.png| centurygothiclarge.png| | 1589| 17-Aug-21| 12:26 \ncenturygothicsmall.png| centurygothicsmall.png| | 1351| 17-Aug-21| 12:26 \ncorbel.eot| corbel.eot| | 96453| 17-Aug-21| 12:26 \ncorbel.svg| corbel.svg| | 185947| 17-Aug-21| 12:26 \ncorbel.ttf| corbel.ttf| | 200316| 17-Aug-21| 12:26 \ncorbel.woff| corbel.woff| | 106184| 17-Aug-21| 12:26 \ncorbellarge.png| corbellarge.png| | 1351| 17-Aug-21| 12:26 \ncorbelsmall.png| corbelsmall.png| | 1171| 17-Aug-21| 12:26 \nimpact.eot| impact.eot| | 56550| 17-Aug-21| 12:26 \nimpact.svg| impact.svg| | 162607| 17-Aug-21| 12:26 \nimpact.ttf| impact.ttf| | 129012| 17-Aug-21| 12:26 \nimpact.woff| impact.woff| | 76992| 17-Aug-21| 12:26 \nimpactlarge.png| impactlarge.png| | 1304| 17-Aug-21| 12:26 \nimpactsmall.png| impactsmall.png| | 1150| 17-Aug-21| 12:26 \nshellicons.eot| shellicons.eot| | 47960| 17-Aug-21| 08:19 \nshellicons.svg| shellicons.svg| | 57730| 17-Aug-21| 08:20 \nshellicons.ttf| shellicons.ttf| | 47768| 17-Aug-21| 08:19 \nshellicons.woff| shellicons.woff| | 26452| 17-Aug-21| 08:20 \ntypewriterelite.eot| typewriterelite.eot| | 27328| 17-Aug-21| 12:26 \ntypewriterelite.svg| typewriterelite.svg| | 77944| 17-Aug-21| 12:26 \ntypewriterelite.ttf| typewriterelite.ttf| | 51708| 17-Aug-21| 12:26 \ntypewriterelite.woff| typewriterelite.woff| | 30976| 17-Aug-21| 12:26 \ntypewriterelitelarge.png| typewriterelitelarge.png| | 1548| 17-Aug-21| 12:26 \ntypewriterelitesmall.png| typewriterelitesmall.png| | 1296| 17-Aug-21| 12:26 \nhelp.xml| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1025| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1026| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1029| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1030| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1032| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1033| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1035| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1037| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1038| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1043| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1044| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1045| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1048| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1050| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1051| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1053| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1054| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1055| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1057| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1058| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1060| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1061| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1062| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1063| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1066| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1081| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_1086| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_1087| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nwsshelp.xml_2070| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:19 \nwsshelp.xml_2074| microsoft.sharepoint.powershell.dll-help.xml| | 3657496| 17-Aug-21| 08:20 \nicvsdm.gif_14| icvsdm.gif| | 1290| 17-Aug-21| 08:19 \nicvsdx.gif_14| icvsdx.gif| | 1288| 17-Aug-21| 08:19 \nlg_icvsdm.gif_14| lg_icvsdm.gif| | 577| 17-Aug-21| 08:19 \nlg_icvsdx.gif_14| lg_icvsdx.gif| | 540| 17-Aug-21| 08:19 \npickerhierarchycontrol.js_14| pickerhierarchycontrol.js| | 126114| 17-Aug-21| 08:19 \nfldswss3.xml_14| fieldswss3.xml| | 50728| 17-Aug-21| 08:19 \ndispform.aspx_piclib_14| dispform.aspx| | 14311| 17-Aug-21| 08:19 \nmicrosoft.sharepoint.client.silverlight.dll_14| microsoft.sharepoint.client.silverlight.dll| 14.0.7006.1000| 273016| 17-Aug-21| 08:19 \nmicrosoft.sharepoint.client.silverlight.runtime.dll_14| microsoft.sharepoint.client.silverlight.runtime.dll| 14.0.7007.1000| 146040| 17-Aug-21| 08:19 \nblog.xsl_14| blog.xsl| | 40342| 17-Aug-21| 08:19 \nviewcategory.asp_blog_categories_14| viewcategory.aspx| | 13786| 17-Aug-21| 08:19 \nschema.xml_blog_comments_14| schema.xml| | 39634| 17-Aug-21| 08:19 \nviewcomment.asp_blog_comments_14| viewcomment.aspx| | 13786| 17-Aug-21| 08:19 \nviewpost.asp_blog_posts_14| viewpost.aspx| | 13786| 17-Aug-21| 08:19 \ndmslstdispform_aspx_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndepl.xsd_14| deploymentmanifest.xsd| | 74297| 17-Aug-21| 08:19 \ndocicon.xml_14| docicon.xml| | 14475| 17-Aug-21| 08:19 \nfldtypes.xsl_14| fldtypes.xsl| | 128231| 17-Aug-21| 08:19 \ndatepicker.debug.js_14| datepicker.debug.js| | 30848| 17-Aug-21| 08:19 \ndatepick.js_14| datepicker.js| | 20413| 17-Aug-21| 08:19 \nentityeditor.debug.js_14| entityeditor.debug.js| | 59260| 17-Aug-21| 08:19 \nentityeditor.js_14| entityeditor.js| | 38002| 17-Aug-21| 08:19 \ninplview.debug.js_14| inplview.debug.js| | 57512| 17-Aug-21| 08:19 \ninplview.js_14| inplview.js| | 39415| 17-Aug-21| 08:19 \njsgrid.debug.js_14| jsgrid.debug.js| | 785068| 17-Aug-21| 08:19 \njsgrid.js_14| jsgrid.js| | 400019| 17-Aug-21| 08:19 \nsp.debug.js_14| sp.debug.js| | 575930| 17-Aug-21| 08:19 \nsp.js_14| sp.js| | 390757| 17-Aug-21| 08:19 \nsp.ribbon.debug.js_14| sp.ribbon.debug.js| | 325227| 17-Aug-21| 08:19 \nsp.runtime.debug.js_14| sp.runtime.debug.js| | 110347| 17-Aug-21| 08:19 \nsp.runtime.js_14| sp.runtime.js| | 68791| 17-Aug-21| 08:19 \nsp.ui.rte.debug.js_14| sp.ui.rte.debug.js| | 594574| 17-Aug-21| 08:19 \nsp.ui.rte.js_14| sp.ui.rte.js| | 365926| 17-Aug-21| 08:19 \nspgantt.debug.js_14| spgantt.debug.js| | 39173| 17-Aug-21| 08:19 \nspgantt.js_14| spgantt.js| | 19338| 17-Aug-21| 08:19 \ndispform.asx_0071_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndispform.asx_0083_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndispform.asx_0082_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndispform.asx_0072_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndispform.asx_0038_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndispform.asx_0084_14| dispform.aspx| | 13786| 17-Aug-21| 08:19 \ndefformt.asc_14| defaulttemplates.ascx| | 170271| 17-Aug-21| 08:19 \nactredir.asx_14| actionredirect.aspx| | 896| 17-Aug-21| 08:19 \naggsetngs.asx_14| aggregationsettings.aspx| | 8163| 17-Aug-21| 08:19 \nctmark.asx_14| calltrackmark.aspx| | 211| 17-Aug-21| 08:19 \nclcnfm.asx_14| circulationconfirm.aspx| | 216| 17-Aug-21| 08:19 \ncreate.asx_14| create.aspx| | 33257| 17-Aug-21| 08:19 \ndeacfeat.asx_14| deactivatefeature.aspx| | 4240| 17-Aug-21| 08:19 \ndeletemu.asx_14| deletemu.aspx| | 188| 17-Aug-21| 08:19 \nfilter.asx_14| filter.aspx| | 1793| 17-Aug-21| 08:19 \ngbredir.asx_14| groupboardredirect.aspx| | 216| 17-Aug-21| 08:19 \niframe.asx_14| iframe.aspx| | 1494| 17-Aug-21| 08:19 \nlistedit.asx_14| listedit.aspx| | 46078| 17-Aug-21| 08:19 \nmngct.asx_14| managecontenttype.aspx| | 10409| 17-Aug-21| 08:19 \nmngfeat.asx_14| managefeatures.aspx| | 4911| 17-Aug-21| 08:19 \nmngsubwb.asx_14| mngsubwebs.aspx| | 12291| 17-Aug-21| 08:19 \ndefault.asx_mobile_14| default.aspx| | 1513| 17-Aug-21| 08:19 \nmbllogin.asx_mobile_14| mbllogin.aspx| | 5337| 17-Aug-21| 08:19 \nmblwiki.asx_mobile_14| mblwiki.aspx| | 3598| 17-Aug-21| 08:19 \nmblwp.asx_mobile_14| mblwp.aspx| | 3603| 17-Aug-21| 08:19 \npickerdialog.mas_14| pickerdialog.master| | 8739| 17-Aug-21| 08:19 \nrtedlg.mas_14| rtedialog.master| | 3153| 17-Aug-21| 08:19 \npicker.asx_14| picker.aspx| | 8613| 17-Aug-21| 08:19 \npckrrst.asx_14| pickerresult.aspx| | 3| 17-Aug-21| 08:19 \nprjsetng.asx_14| prjsetng.aspx| | 16037| 17-Aug-21| 08:19 \nreqfeat.asx_14| reqfeatures.aspx| | 3750| 17-Aug-21| 08:19 \nsrchrslt.asx_14| searchresults.aspx| | 6013| 17-Aug-21| 08:19 \nsettings.asx_14| settings.aspx| | 9565| 17-Aug-21| 08:19 \nsetwa.asx_14| setwhereabouts.aspx| | 212| 17-Aug-21| 08:19 \nsurvedit.asx_14| survedit.aspx| | 36103| 17-Aug-21| 08:19 \nvwgrpprm.asx_14| viewgrouppermissions.aspx| | 5046| 17-Aug-21| 08:19 \nviewlsts.asx_14| viewlsts.aspx| | 16520| 17-Aug-21| 08:19 \nvwstyles.xsl_14| vwstyles.xsl| | 121144| 17-Aug-21| 08:19 \ncui.debug.js| cui.debug.js| | 646903| 17-Aug-21| 08:19 \ncui.js| cui.js| | 362624| 17-Aug-21| 08:19 \nmicrosoft.web.commandui.dll| microsoft.web.commandui.dll| 15.0.5085.1000| 134976| 18-Aug-21| 08:24 \nmicrosoft.web.commandui.dll_0001| microsoft.web.commandui.dll| 15.0.5085.1000| 134976| 18-Aug-21| 08:24 \nxlsrv.commandui.dll| microsoft.web.commandui.dll| 15.0.5085.1000| 134976| 18-Aug-21| 08:24 \nitlink.png| itlink.png| | 482| 18-Aug-21| 08:24 \nitobject.png| itobject.png| | 307| 18-Aug-21| 08:24 \nitposts.gif| itposts.gif| | 81| 18-Aug-21| 08:24 \nittask.png| ittask.png| | 343| 18-Aug-21| 08:24 \nitthgbrg.png| itthgbrg.png| | 323| 18-Aug-21| 08:24 \nitwp.png| itwp.png| | 590| 18-Aug-21| 08:24 \nmb_gear.png| mb_gear.png| | 455| 18-Aug-21| 08:24 \nmb_audio.png| mb_audio.png| | 671| 18-Aug-21| 08:24 \nlg_icdoc.png| lg_icdoc.png| | 1542| 18-Aug-21| 08:24 \nlg_icdocm.png| lg_icdocm.png| | 1874| 18-Aug-21| 08:24 \nlg_icdocx.png| lg_icdocx.png| | 1656| 18-Aug-21| 08:24 \nlg_icdot.png| lg_icdot.png| | 1492| 18-Aug-21| 08:24 \nlg_icdotm.png| lg_icdotm.png| | 1779| 18-Aug-21| 08:24 \nlg_icdotx.png| lg_icdotx.png| | 1573| 18-Aug-21| 08:24 \nlg_gen.gif| lg_icgen.gif| | 171| 18-Aug-21| 08:24 \nlg_mpd.png| lg_icmpd.png| | 1587| 18-Aug-21| 08:24 \nlg_mpp.png| lg_icmpp.png| | 1583| 18-Aug-21| 08:24 \nlg_mpt.png| lg_icmpt.png| | 1552| 18-Aug-21| 08:24 \nlg_icodp.png| lg_icodp.png| | 1786| 18-Aug-21| 08:24 \nlg_icods.png| lg_icods.png| | 1845| 18-Aug-21| 08:24 \nlg_icodt.png| lg_icodt.png| | 1861| 18-Aug-21| 08:24 \nlg_icone.png| lg_icone.png| | 1484| 18-Aug-21| 08:24 \nlg_iconp.png| lg_iconp.png| | 1558| 18-Aug-21| 08:24 \nlg_icont.png| lg_icont.png| | 1544| 18-Aug-21| 08:24 \nlg_icpdf.png| lg_icpdf.png| | 451| 18-Aug-21| 08:24 \nlg_icpot.png| lg_icpot.png| | 1495| 18-Aug-21| 08:24 \nlg_icpotm.png| lg_icpotm.png| | 1785| 18-Aug-21| 08:24 \nlg_icpotx.png| lg_icpotx.png| | 1593| 18-Aug-21| 08:24 \nlg_icppa.png| lg_icppa.png| | 1397| 18-Aug-21| 08:24 \nlg_icppam.png| lg_icppam.png| | 1506| 18-Aug-21| 08:24 \nlg_icpps.png| lg_icpps.png| | 1696| 18-Aug-21| 08:24 \nlg_icppsm.png| lg_icppsm.png| | 1823| 18-Aug-21| 08:24 \nlg_icppsx.png| lg_icppsx.png| | 1603| 18-Aug-21| 08:24 \nlg_icppt.png| lg_icppt.png| | 1607| 18-Aug-21| 08:24 \nlg_icpptm.png| lg_icpptm.png| | 1894| 18-Aug-21| 08:24 \nlg_icpptx.png| lg_icpptx.png| | 1709| 18-Aug-21| 08:24 \nlg_pub.png| lg_icpub.png| | 1587| 18-Aug-21| 08:24 \nlgvdw.gif| lg_icvdw.gif| | 464| 18-Aug-21| 08:24 \nlg_vdx.png| lg_icvdx.png| | 1839| 18-Aug-21| 08:24 \nlg_vsdm.gif| lg_icvsdm.gif| | 577| 18-Aug-21| 08:24 \nlg_vsdx.gif| lg_icvsdx.gif| | 540| 18-Aug-21| 08:24 \nlg_vssm.gif| lg_icvssm.gif| | 468| 18-Aug-21| 08:24 \nlg_vssx.gif| lg_icvssx.gif| | 468| 18-Aug-21| 08:24 \nlg_vstm.gif| lg_icvstm.gif| | 502| 18-Aug-21| 08:24 \nlg_vsx.png| lg_icvsx.png| | 1549| 18-Aug-21| 08:24 \nlg_vtx.png| lg_icvtx.png| | 1686| 18-Aug-21| 08:24 \nlg_icxla.png| lg_icxla.png| | 1553| 18-Aug-21| 08:24 \nlg_icxlam.png| lg_icxlam.png| | 1579| 18-Aug-21| 08:24 \nlg_icxls.png| lg_icxls.png| | 1558| 18-Aug-21| 08:24 \nlg_icxlsb.png| lg_icxlsb.png| | 1598| 18-Aug-21| 08:24 \nlg_icxlsm.png| lg_icxlsm.png| | 1856| 18-Aug-21| 08:24 \nlg_icxlsx.png| lg_icxlsx.png| | 1635| 18-Aug-21| 08:24 \nlg_icxlt.png| lg_icxlt.png| | 1498| 18-Aug-21| 08:24 \nlg_icxltm.png| lg_icxltm.png| | 1783| 18-Aug-21| 08:24 \nlg_xltx.gif| lg_icxltx.gif| | 377| 18-Aug-21| 08:24 \nlg_icxltx.png| lg_icxltx.png| | 1570| 18-Aug-21| 08:24 \nlg_xsn.png| lg_icxsn.png| | 1418| 18-Aug-21| 08:24 \nlink.gif| link.gif| | 359| 18-Aug-21| 08:24 \nltagnda.png| ltagnda.png| | 594| 18-Aug-21| 08:24 \nltann.png| ltann.png| | 905| 18-Aug-21| 08:24 \nltappcat.png| ltappcatalog.png| | 1167| 18-Aug-21| 08:24 \nltappreq.png| ltapprequests.png| | 1504| 18-Aug-21| 08:24 \nltcat.gif| ltcat.gif| | 402| 18-Aug-21| 08:24 \nltcommcat.png| ltcommcat.png| | 492| 18-Aug-21| 08:24 \nltcommem.png| ltcommem.png| | 589| 18-Aug-21| 08:24 \nltcommnt.gif| ltcommnt.gif| | 375| 18-Aug-21| 08:24 \nltcontct.gif| ltcontct.gif| | 409| 18-Aug-21| 08:24 \nltcontct.png| ltcontct.png| | 579| 18-Aug-21| 08:24 \nltdatash.png| ltdatash.png| | 195| 18-Aug-21| 08:24 \nltdecis.png| ltdecis.png| | 785| 18-Aug-21| 08:24 \nltdisc.png| ltdisc.png| | 472| 18-Aug-21| 08:24 \nltdl.png| ltdl.png| | 417| 18-Aug-21| 08:24 \nltebl.png| ltebl.png| | 459| 18-Aug-21| 08:24 \nltevent.png| ltevent.png| | 209| 18-Aug-21| 08:24 \nltfl.png| ltfl.png| | 409| 18-Aug-21| 08:24 \nltgbcall.gif| ltgbcall.gif| | 396| 18-Aug-21| 08:24 \nltgbfaci.gif| ltgbfaci.gif| | 390| 18-Aug-21| 08:24 \nltgbwher.gif| ltgbwher.gif| | 422| 18-Aug-21| 08:24 \nltgen.png| ltgen.png| | 195| 18-Aug-21| 08:24 \nltil.png| ltil.png| | 543| 18-Aug-21| 08:24 \nltime.png| ltime.png| | 346| 18-Aug-21| 08:24 \nltiss.png| ltiss.png| | 1426| 18-Aug-21| 08:24 \nltissue.png| ltissue.png| | 681| 18-Aug-21| 08:24 \nltlink.png| ltlink.png| | 2074| 18-Aug-21| 08:24 \nltobject.png| ltobject.png| | 821| 18-Aug-21| 08:24 \nltposts.gif| ltposts.gif| | 385| 18-Aug-21| 08:24 \nltsurvey.png| ltsurvey.png| | 225| 18-Aug-21| 08:24 \nlttask.png| lttask.png| | 1176| 18-Aug-21| 08:24 \nltthgbrg.png| ltthgbrg.png| | 754| 18-Aug-21| 08:24 \nltwp.png| ltwp.png| | 706| 18-Aug-21| 08:24 \nmb_video.png| mb_video.png| | 209| 18-Aug-21| 08:24 \nmappushpin.25x39x32.png| mappushpin.25x39x32.png| | 1070| 18-Aug-21| 08:24 \nmappushpindisabled.25x39x32.png| mappushpindisabled.25x39x32.png| | 1026| 18-Aug-21| 08:24 \nmappushpinhover.25x39x32.png| mappushpinhover.25x39x32.png| | 1037| 18-Aug-21| 08:24 \nmapview.31x22x32.png| mapview.31x22x32.png| | 672| 18-Aug-21| 08:24 \nmb_button_bg.png| mb_button_bg.png| | 194| 18-Aug-21| 08:24 \nmention.11x11x32.png| mention.11x11x32.png| | 274| 18-Aug-21| 08:24 \nmtagnda.png| mtagnda.png| | 413| 18-Aug-21| 08:24 \nmtann.png| mtann.png| | 520| 18-Aug-21| 08:24 \nmtappcat.png| mtappcatalog.png| | 414| 18-Aug-21| 08:24 \nmtappreq.png| mtapprequests.png| | 548| 18-Aug-21| 08:24 \nmtcat.gif| mtcat.gif| | 197| 18-Aug-21| 08:24 \nmtcommcat.png| mtcommcat.png| | 330| 18-Aug-21| 08:24 \nmtcommem.png| mtcommem.png| | 388| 18-Aug-21| 08:24 \nmtcommnt.gif| mtcommnt.gif| | 193| 18-Aug-21| 08:24 \nmtcontct.gif| mtcontct.gif| | 137| 18-Aug-21| 08:24 \nmtcontct.png| mtcontct.png| | 293| 18-Aug-21| 08:24 \nmtdatash.png| mtdatash.png| | 129| 18-Aug-21| 08:24 \nmtdecis.png| mtdecis.png| | 516| 18-Aug-21| 08:24 \nmtdisc.png| mtdisc.png| | 307| 18-Aug-21| 08:24 \nmtdl.png| mtdl.png| | 252| 18-Aug-21| 08:24 \nmtebl.png| mtebl.png| | 245| 18-Aug-21| 08:24 \nmtevent.png| mtevent.png| | 135| 18-Aug-21| 08:24 \nmtfl.png| mtfl.png| | 227| 18-Aug-21| 08:24 \nmtgbcall.gif| mtgbcall.gif| | 396| 18-Aug-21| 08:24 \nmtgbfaci.gif| mtgbfaci.gif| | 377| 18-Aug-21| 08:24 \nmtgbwher.gif| mtgbwher.gif| | 390| 18-Aug-21| 08:24 \nmtgen.png| mtgen.png| | 129| 18-Aug-21| 08:24 \nmtil.png| mtil.png| | 280| 18-Aug-21| 08:24 \nmtime.png| mtime.png| | 188| 18-Aug-21| 08:24 \nmtiss.png| mtiss.png| | 534| 18-Aug-21| 08:24 \nmtissue.png| mtissue.png| | 447| 18-Aug-21| 08:24 \nmtlink.png| mtlink.png| | 565| 18-Aug-21| 08:24 \nmtobject.png| mtobject.png| | 460| 18-Aug-21| 08:24 \nmtposts.gif| mtposts.gif| | 197| 18-Aug-21| 08:24 \nmtsurvey.png| mtsurvey.png| | 141| 18-Aug-21| 08:24 \nmttask.png| mttask.png| | 405| 18-Aug-21| 08:24 \nmtthgbrg.png| mtthgbrg.png| | 526| 18-Aug-21| 08:24 \nmtwp.png| mtwp.png| | 391| 18-Aug-21| 08:24 \nmb_file.png| mb_file.png| | 215| 18-Aug-21| 08:24 \nnowfollowing.11x11x32.png| nowfollowing.11x11x32.png| | 257| 18-Aug-21| 08:24 \no365brandsuite.png| o365brandsuite.png| | 2122| 18-Aug-21| 08:24 \npersonplaceholder200.png| personplaceholder.200x150x32.png| | 2438| 18-Aug-21| 08:24 \npersonplaceholder32.png| personplaceholder.32x32x32.png| | 737| 18-Aug-21| 08:24 \npersonplaceholder42.png| personplaceholder.42x42x32.png| | 728| 18-Aug-21| 08:24 \npersonplaceholder96.png| personplaceholder.96x96x32.png| | 1500| 18-Aug-21| 08:24 \nprojectmanagedeliverables.16x16x32.png| projectmanagedeliverables.16x16x32.png| | 219| 18-Aug-21| 08:24 \npromotedsitetile.150x150x32.png| promotedsitetile.150x150x32.png| | 2530| 18-Aug-21| 08:24 \nrepliedto.11x11x32.png| repliedto.11x11x32.png| | 257| 18-Aug-21| 08:24 \nmb_excel.png| mb_excel.png| | 572| 18-Aug-21| 08:24 \nmb_onenote.png| mb_onenote.png| | 456| 18-Aug-21| 08:24 \nmb_text.png| mb_text.png| | 268| 18-Aug-21| 08:24 \nmb_ppt.png| mb_ppt.png| | 577| 18-Aug-21| 08:24 \nmb_word.png| mb_word.png| | 535| 18-Aug-21| 08:24 \nmb_site.png| mb_siteworkspace.png| | 822| 18-Aug-21| 08:24 \nselectioncheckmarkcolumn.10x10x32.png| selectioncheckmarkcolumn.10x10x32.png| | 229| 18-Aug-21| 08:24 \nsharepointfoundation16.png| sharepointfoundation16.png| | 560| 18-Aug-21| 08:24 \nfavicon.ico| favicon.ico| | 7886| 18-Aug-21| 08:24 \nsharepointdesigner32.png| sharepointdesigner32.png| | 1613| 18-Aug-21| 08:24 \nsharepointmetroapptile.png| sharepointmetroapptile.png| | 3992| 18-Aug-21| 08:24 \nsiteicon.png| siteicon.png| | 2345| 18-Aug-21| 08:24 \naccsrv.images.progcircle16.gif| hig_progcircle_loading16.gif| | 420| 18-Aug-21| 08:24 \nloadingcirclests16.gif| loadingcirclests16.gif| | 420| 18-Aug-21| 08:24 \naccsrv.images.progcircle24.gif| hig_progcircle_loading24.gif| | 878| 18-Aug-21| 08:24 \ngears_anv4.gif_0001| gears_anv4.gif| | 878| 18-Aug-21| 08:24 \nloadin24.gif| hig_progcircle_loading24.gif| | 878| 18-Aug-21| 08:24 \nloadin24.png| hig_progcircle_loading24.gif| | 878| 18-Aug-21| 08:24 \nprogress_circle_24.gif| progress-circle-24.gif| | 878| 18-Aug-21| 08:24 \nmb_navigation.png| mb_navigation.png| | 255| 18-Aug-21| 08:24 \nspstorefrontappdefault.16x16x32.png| spstorefrontappdefault.16x16x32.png| | 296| 18-Aug-21| 08:24 \nspstorefrontappdefault.96x96x32.png| spstorefrontappdefault.96x96x32.png| | 1036| 18-Aug-21| 08:24 \ntag.11x11x32.png| tag.11x11x32.png| | 228| 18-Aug-21| 08:24 \nupdatelink.16x16x32.png| updatelink.16x16x32.png| | 320| 18-Aug-21| 08:24 \nusquig.png| usersquiggle.png| | 150| 18-Aug-21| 08:24 \nvideopreview.png| videopreview.png| | 7110| 18-Aug-21| 08:24 \nmb_page.png| mb_page.png| | 710| 18-Aug-21| 08:24 \nmb_xml.png| mb_xml.png| | 464| 18-Aug-21| 08:24 \nbusdata.dll| microsoft.businessdata.dll| 15.0.5345.1000| 128920| 17-Aug-21| 08:18 \nbusdatar.dll| microsoft.businessdata.dll| 15.0.5345.1000| 128920| 17-Aug-21| 08:18 \nmicrosoft_web_design_server.dll| microsoft.web.design.server.dll| 15.0.5345.1000| 395160| 17-Aug-21| 08:19 \nmicrosoft_web_design_server_intl.dll| microsoft.web.design.server.intl.dll| 15.0.4420.1017| 21640| 17-Aug-21| 08:19 \nbdcmdsch.xsd| bdcmetadata.xsd| | 26300| | \nbdcmeta.xsd| bdcmetadata.xsd| | 26300| 17-Aug-21| 08:18 \nbdcmdsc2.xsd| bdcmetadataresource.xsd| | 13089| | \nbdcmetar.xsd| bdcmetadataresource.xsd| | 13089| 17-Aug-21| 08:18 \nonetnative.dll| onetnative.dll| 15.0.5223.1000| 517008| 17-Aug-21| 08:18 \nxlsrv.onetnative.dll| onetnative.dll| 15.0.5223.1000| 517008| 17-Aug-21| 08:18 \nonetutil.dll| onetutil.dll| 15.0.5381.1000| 2617752| 17-Aug-21| 08:19 \noffice_extension_manager_js| sp.officeextensionmanager.js| | 35154| 17-Aug-21| 08:19 \nosfserver_client_dll| microsoft.sharepoint.client.workflowservices.dll| 15.0.4599.1000| 39128| 17-Aug-21| 08:19 \nosfserver_silverlight_dll| microsoft.sharepoint.client.workflowservices.silverlight.dll| 15.0.4599.1000| 39152| 17-Aug-21| 08:19 \nosfserver_serverproxy_dll| microsoft.sharepoint.workflowservices.serverproxy.dll| 15.0.4599.1000| 110280| 17-Aug-21| 08:19 \nosfserver_shared_dll| microsoft.sharepoint.workflowservicesbase.dll| 15.0.4877.1000| 88360| 17-Aug-21| 08:19 \nosfserver_shared_dll_intl| microsoft.sharepoint.workflowservicesbase.intl.dll| 15.0.4420.1017| 12464| 17-Aug-21| 08:19 \nproxylibrary.osfserver.xml| proxylibrary.osfserver.xml| | 164| 17-Aug-21| 08:19 \nosfserver_clientdbg_js| sp.workflowservices.debug.js| | 58451| 17-Aug-21| 08:19 \nosfserver_clientdbg_js.x64| sp.workflowservices.debug.js| | 58451| 17-Aug-21| 08:19 \nosfserver_client_js| sp.workflowservices.js| | 34083| 17-Aug-21| 08:19 \nosfserver_client_js.x64| sp.workflowservices.js| | 34083| 17-Aug-21| 08:19 \naddwrkfl.aspx| addwrkfl.aspx| | 61362| 17-Aug-21| 08:19 \nassocwrkfl.aspx| assocwrkfl.aspx| | 4655| 17-Aug-21| 08:19 \navailableworkflow.aspx| availableworkflow.aspx| | 7966| 17-Aug-21| 08:19 \nmytasks.aspx| mytasks.aspx| | 6818| 17-Aug-21| 08:19 \noextnmgr.aspx| officeextensionmanager.aspx| | 2196| 17-Aug-21| 08:19 \nremwrkfl.aspx| remwrkfl.aspx| | 16619| 17-Aug-21| 08:19 \nosfserver.resx| osfserver.resx| | 45025| 17-Aug-21| 08:19 \nrunningworkflows.aspx| runningworkflows.aspx| | 8570| 17-Aug-21| 08:19 \nvalidapp.osfsrv.xml| validappendpoints.osfserver.xml| | 1245| 17-Aug-21| 08:19 \nwfstart.asx| wfstart.aspx| | 202| 17-Aug-21| 08:19 \nworkflow.asx| workflow.aspx| | 25914| 17-Aug-21| 08:19 \nworkflowtaskpane.aspx| workflowtaskpane.aspx| | 1180| 17-Aug-21| 08:19 \nwrksetng.aspx| wrksetng.aspx| | 15843| 17-Aug-21| 08:19 \nwrkstat.aspx| wrkstat.aspx| | 27940| 17-Aug-21| 08:19 \nosfextap.dll| microsoft.sharepoint.officeextension.applicationpages.dll| 15.0.5207.1000| 16480| 17-Aug-21| 08:19 \nwfform.js| wfformtemplates.js| | 5024| 17-Aug-21| 08:19 \nosfap.dll| microsoft.sharepoint.workflowservices.applicationpages.dll| 15.0.4755.1000| 96880| 17-Aug-21| 08:19 \nwebconfig.osfserver.xml| webconfig.osfserver.xml| | 504| 17-Aug-21| 08:19 \naddgallery.xap_silverlight| addgallery.xap| | 368387| 17-Aug-21| 08:19 \nmicrosoft.sharepoint.client.xap| microsoft.sharepoint.client.xap| | 223743| 17-Aug-21| 08:19 \nosscadmn.dll| microsoft.search.server.comadmin.dll| | 36232| 17-Aug-21| 08:19 \nwsstlb.net| microsoft.sharepoint.search.administration.mssitlb.dll| | 90792| 17-Aug-21| 08:19 \nsearchom.dll_0003| microsoft.sharepoint.search.dll| 15.0.5129.1000| 3601488| 17-Aug-21| 08:19 \nsearchom.dll_0005| microsoft.sharepoint.search.dll| 15.0.5129.1000| 3601488| 17-Aug-21| 08:19 \nsrchomnt.dll_1| microsoft.sharepoint.search.native.dll| 15.0.5377.1000| 472456| 17-Aug-21| 08:19 \nwsrchps.dll| microsoft.sharepoint.search.powershell.dll| 15.0.4937.1000| 31520| 17-Aug-21| 08:19 \ncontrol_defaultresult.js| control_searchresults.js| | 32312| 17-Aug-21| 08:19 \nfilter_refinement.js| filter_default.js| | 21014| 17-Aug-21| 08:19 \nfilter_multirefinement.js| filter_multivalue.js| | 6263| 17-Aug-21| 08:19 \ngroup_content.js| group_content.js| | 2159| 17-Aug-21| 08:19 \ngroup_defaultgroup.js| group_default.js| | 6616| 17-Aug-21| 08:19 \nhoverpanel_commonactions.js| item_commonhoverpanel_actions.js| | 12766| 17-Aug-21| 08:19 \nhoverpanel_commonbody.js| item_commonhoverpanel_body.js| | 7771| 17-Aug-21| 08:19 \nhoverpanel_community.js| item_community_hoverpanel.js| | 11080| 17-Aug-21| 08:19 \nhoverpanel_default.js| item_default_hoverpanel.js| | 4222| 17-Aug-21| 08:19 \nhoverpanel_microblog.js| item_microblog_hoverpanel.js| | 17457| 17-Aug-21| 08:19 \nhoverpanel_site.js| item_site_hoverpanel.js| | 7582| 17-Aug-21| 08:19 \nhoverpanel_webpage.js| item_webpage_hoverpanel.js| | 6608| 17-Aug-21| 08:19 \nitem_commonbody.js| item_commonitem_body.js| | 8742| 17-Aug-21| 08:19 \nitem_communityportal.js| item_communityportal.js| | 9225| 17-Aug-21| 08:19 \nitem_microblog.js| item_microblog.js| | 17108| 17-Aug-21| 08:19 \nitem_pdf.js| item_pdf.js| | 4102| 17-Aug-21| 08:19 \nitem_people.js| item_person.js| | 24413| 17-Aug-21| 08:19 \nitem_peopleintent.js| item_person_compacthorizontal.js| | 27705| 17-Aug-21| 08:19 \nitem_site.js| item_site.js| | 4544| 17-Aug-21| 08:19 \nitem_webpage.js| item_webpage.js| | 3827| 17-Aug-21| 08:19 \nitem_word.js| item_word.js| | 4157| 17-Aug-21| 08:19 \nsearch.web.parts.feature.xml| feature.xml| | 5405| 17-Aug-21| 08:19 \nsearch.web.parts.dwpfiles.xml| webpartdwpfiles.xml| | 68278| 17-Aug-21| 08:19 \nwss.searchpowershell.types.ps1xml| wsssearchpowershell.types.ps1xml| | 10901| 17-Aug-21| 08:19 \nwss.intl.dll| microsoft.sharepoint.search.intl.dll| 15.0.5197.1000| 563296| 17-Aug-21| 08:19 \nsetup.exe| setup.exe| 15.0.5337.1000| 1080216| 17-Aug-21| 08:18 \nsvrsetup.exe| setup.exe| 15.0.5337.1000| 1080216| 17-Aug-21| 08:18 \nwsssetup.dll| wsssetup.dll| 15.0.5381.1000| 10405272| 17-Aug-21| 08:19 \ndevftr.xml| feature.xml| | 1225| 17-Aug-21| 08:19 \nappdev.dll| microsoft.sharepoint.appdevelopment.dll| 15.0.5027.1000| 71384| 17-Aug-21| 08:19 \nstsapa.dll| microsoft.sharepoint.applicationpages.administration.dll| 15.0.5163.1000| 662120| 17-Aug-21| 08:19 \nwssadmop.dll_0001| microsoft.sharepoint.administrationoperation.dll| 15.0.5297.1000| 1039768| 17-Aug-21| 08:19 \nwssadmin.exe_0001| wssadmin.exe| 15.0.4420.1017| 17088| 17-Aug-21| 08:19 \nappmng.svc| appmng.svc| | 375| 17-Aug-21| 08:19 \nappmngclient.config| client.config| | 2159| 17-Aug-21| 08:19 \nappmngweb.config| web.config| | 2641| 17-Aug-21| 08:19 \nbgximg.png| bgximg.png| | 1770| 17-Aug-21| 08:19 \nbgyimg.png| bgyimg.png| | 68| 17-Aug-21| 08:19 \nclient.svc| client.svc| | 402| 17-Aug-21| 08:19 \nadmwcfg.xml| adminwebconfig.sts.xml| | 3530| 17-Aug-21| 08:19 \napppermissionprovider.bdcconnection.xml| apppermissionprovider.bdcconnection.xml| | 232| 17-Aug-21| 08:19 \napppermissionprovider.content.xml| apppermissionprovider.content.xml| | 706| 17-Aug-21| 08:19 \ncapabilitycheckers.sts.xml| capabilitycheckers.sts.xml| | 2789| 17-Aug-21| 08:19 \ndocexflt.xml| docextflt.xml| | 4439| 17-Aug-21| 08:19 \ndocparse.xml| docparse.xml| | 2293| 17-Aug-21| 08:19 \ngbwupgrade.xml| gbwupgrade.xml| | 4055| 17-Aug-21| 08:19 \ngbwupgradeb2b.xml| gbwupgradeb2b.xml| | 311| 17-Aug-21| 08:19 \nmdocview.xml| mdocview.xml| | 6975| 17-Aug-21| 08:19 \nmpsupgrade.xml| mpsupgrade.xml| | 15459| 17-Aug-21| 08:19 \nmpsupgradeb2b.xml| mpsupgradeb2b.xml| | 102| 17-Aug-21| 08:19 \nmredirection.xml| mredirection.xml| | 4660| 17-Aug-21| 08:19 \nproxylibrary.stsom.xml| proxylibrary.stsom.xml| | 217| 17-Aug-21| 08:19 \nrgnldflt.xml| rgnldflt.xml| | 81253| 17-Aug-21| 08:19 \ntaupgrade.xml| tenantadminupgrade.xml| | 437| 17-Aug-21| 08:19 \ntimezone.xml| timezone.xml| | 99866| 17-Aug-21| 08:19 \nwebconfig_identitymodel_add| webconfig.identitymodel.add.xml| | 7529| 17-Aug-21| 08:19 \nwebconfig_identitymodel_remove| webconfig.identitymodel.remove.xml| | 3122| 17-Aug-21| 08:19 \nwssupgrade.xml| wssupgrade.xml| | 9043| 17-Aug-21| 08:19 \nwssupgradeb2b.xml| wssupgradeb2b.xml| | 4719| 17-Aug-21| 08:19 \noleprsx.dll| oleparser.dll| 15.0.4454.1000| 31880| 17-Aug-21| 08:19 \nmicrosoft.sharepoint.dotnetinterceptor.dll| microsoft.sharepoint.dotnetinterceptor.dll| 15.0.5271.1000| 15768| 17-Aug-21| 08:19 \nmicrosoft.sharepoint.dotnetinterceptor.dll_001| microsoft.sharepoint.dotnetinterceptor.dll| 15.0.5271.1000| 15768| 17-Aug-21| 08:19 \nmicrosoft_sharepoint_dsp.dll| microsoft.sharepoint.dsp.dll| 15.0.4420.1017| 48248| 17-Aug-21| 08:19 \nmicrosoft_sharepoint_dsp_oledb.dll| microsoft.sharepoint.dsp.oledb.dll| 15.0.4420.1017| 112768| 17-Aug-21| 08:19 \nmicrosoft_sharepoint_dsp_soappt.dll| microsoft.sharepoint.dsp.soappt.dll| 15.0.4420.1017| 75912| 17-Aug-21| 08:19 \nmicrosoft_sharepoint_dsp_sts.dll| microsoft.sharepoint.dsp.sts.dll| 15.0.4420.1017| 93312| 17-Aug-21| 08:19 \nmicrosoft_sharepoint_dsp_xmlurl.dll| microsoft.sharepoint.dsp.xmlurl.dll| 15.0.5351.1000| 78232| 17-Aug-21| 08:19 \nschema.xml_accreq| schema.xml| | 21500| 17-Aug-21| 08:19 \naccreq.xml| accessrequests.xml| | 681| 17-Aug-21| 08:19 \nfeature.xml_accreq| feature.xml| | 497| 17-Aug-21| 08:19 \napplications.xml| applications.xml| | 8249| 17-Aug-21| 08:19 \napps.xml| apps.xml| | 3078| 17-Aug-21| 08:19 \nbackups.xml| backups.xml| | 4398| 17-Aug-21| 08:19 \nconfigurationwizards.xml| configurationwizards.xml| | 912| 17-Aug-21| 08:19 \ndefault.xml| default.xml| | 12609| 17-Aug-21| 08:19 \nfeature.xml_sts| feature.xml| | 1712| 17-Aug-21| 08:19 \ngenappsettings.xml| generalapplicationsettings.xml| | 1989| 17-Aug-21| 08:19 \nmonitoring.xml| monitoring.xml| | 3736| 17-Aug-21| 08:19 \no365configuration.xml| office365configuration.xml| | 405| 17-Aug-21| 08:19 \nquicklaunch.xml| quicklaunch.xml| | 555| 17-Aug-21| 08:19 \nsecurity.xml| security.xml| | 5954| 17-Aug-21| 08:19 \nsystemsettings.xml| systemsettings.xml| | 5280| 17-Aug-21| 08:19 \nupgradeandmigration.xml| upgradeandmigration.xml| | 1630| 17-Aug-21| 08:19 \nschema.xml_announce| schema.xml| | 26227| 17-Aug-21| 08:19 \nannounce.xml| announcements.xml| | 456| 17-Aug-21| 08:19 \nfeature.xml_announce| feature.xml| | 500| 17-Aug-21| 08:19 \napplockdown.xml| applockdown.xml| | 2321| 17-Aug-21| 08:19 \nfeature.xml_apploc| feature.xml| | 400| 17-Aug-21| 08:19 \nappreglinks.xml| appregistrationlinks.xml| | 793| 17-Aug-21| 08:19 \nfeature.xml_appreg| feature.xml| | 554| 17-Aug-21| 08:19 \nschema.xml_apprequestslist| schema.xml| | 10229| 17-Aug-21| 08:19 \napprequestscontenttypes.xml_apprequestslist| apprequestscontenttypes.xml| | 1748| 17-Aug-21| 08:19 \napprequestsfields.xml_apprequestslist| apprequestsfields.xml| | 5336| 17-Aug-21| 08:19 \napprequestslistinstance.xml_apprequestslist| apprequestslistinstance.xml| | 403| 17-Aug-21| 08:19 \napprequestslisttemplate.xml_apprequestslist| apprequestslisttemplate.xml| | 627| 17-Aug-21| 08:19 \nfeature.xml_apprequestslist| feature.xml| | 1516| 17-Aug-21| 08:19 \nautohostedlicensing_fields.xml_autohostedapplicensing| autohostedapplicensingfields.xml| | 771| 17-Aug-21| 08:19 \nfeature.xml_autohostedapplicensing| feature.xml| | 744| 17-Aug-21| 08:19 \nautohostedlicensing_controls.xml_autohostedapplicensing| resourcebar.xml| | 412| 17-Aug-21| 08:19 \nfeature.xml_autohostedapplicensingstapling| feature.xml| | 487| 17-Aug-21| 08:19 \nelements.xml_autohostedapplicensingstapling| staplingelements.xml| | 223| 17-Aug-21| 08:19 \nblog.dwp_admintools| blogadmin.dwp| | 468| 17-Aug-21| 08:19 \nblog.dwp_archives| blogarchives.dwp| | 462| 17-Aug-21| 08:19 \nblog.webpart_notifications| blognotifications.webpart| | 883| 17-Aug-21| 08:19 \nelements.xml_basicwebparts| elements.xml| | 1652| 17-Aug-21| 08:19 \nelements14.xml_basicwebparts| elements14.xml| | 629| 17-Aug-21| 08:19 \nelements15.xml_basicwebparts| elements15.xml| | 1407| 17-Aug-21| 08:19 \nfeature.xml_basicwebparts| feature.xml| | 3149| 17-Aug-21| 08:19 \ngettingstarted.webpart_basicwebparts| gettingstarted.webpart| | 834| 17-Aug-21| 08:19 \nmscontenteditor.dwp_basicwebparts| mscontenteditor.dwp| | 506| 17-Aug-21| 08:19 \nmsimage.dwp_basicwebparts| msimage.dwp| | 483| 17-Aug-21| 08:19 \nmsmembers.dwp_basicwebparts| msmembers.dwp| | 487| 17-Aug-21| 08:19 \nmspageviewer.dwp_basicwebparts| mspageviewer.dwp| | 498| 17-Aug-21| 08:19 \nmspiclibslideshow.webpart_basicwebparts| mspicturelibraryslideshow.webpart| | 733| 17-Aug-21| 08:19 \nmsscripteditor.webpart_basicwebparts| msscripteditor.webpart| | 739| 17-Aug-21| 08:19 \nmssimpleform.dwp_basicwebparts| mssimpleform.dwp| | 799| 17-Aug-21| 08:19 \nmsuserdocs.dwp_basicwebparts| msuserdocs.dwp| | 492| 17-Aug-21| 08:19 \nmsusertasks.dwp_basicwebparts| msusertasks.dwp| | 495| 17-Aug-21| 08:19 \nmsxml.dwp_basicwebparts| msxml.dwp| | 475| 17-Aug-21| 08:19 \nsilverlight.webpart_basicwebparts| silverlight.webpart| | 669| 17-Aug-21| 08:19 \ntimeline.webpart_basicwebparts| timeline.webpart| | 831| 17-Aug-21| 08:19 \nextsubsh_feature.xml| feature.xml| | 570| 17-Aug-21| 08:19 \nallcategories.asp_blog_categories| allcategories.aspx| | 2718| 17-Aug-21| 08:19 \neditcategory.asp_blog_categories| editcategory.aspx| | 4167| 17-Aug-21| 08:19 \nmycategories.asp_blog_categories| mycategories.aspx| | 2718| 17-Aug-21| 08:19 \nnewcategory.asp_blog_categories| newcategory.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_blog_categories| schema.xml| | 18153| 17-Aug-21| 08:19 \nviewcategory.asp_blog_categories| viewcategory.aspx| | 4190| 17-Aug-21| 08:19 \nallcomments.asp_blog_comments| allcomments.aspx| | 2718| 17-Aug-21| 08:19 \nbyauthor.asp_blog_comments| byauthor.aspx| | 2718| 17-Aug-21| 08:19 \neditcomment.asp_blog_comments| editcomment.aspx| | 4167| 17-Aug-21| 08:19 \nmycomments.asp_blog_comments| mycomments.aspx| | 2718| 17-Aug-21| 08:19 \nnewcomment.asp_blog_comments| newcomment.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_blog_comments| schema.xml| | 35968| 17-Aug-21| 08:19 \nviewcomment.asp_blog_comments| viewcomment.aspx| | 4190| 17-Aug-21| 08:19 \nallposts.asp_blog_posts| allposts.aspx| | 2718| 17-Aug-21| 08:19 \narchive.asp_blog_posts| archive.aspx| | 2718| 17-Aug-21| 08:19 \nbyauthor.asp_blog_posts| byauthor.aspx| | 2718| 17-Aug-21| 08:19 \nbycategory.asp_blog_posts| bycategory.aspx| | 2718| 17-Aug-21| 08:19 \ncalendar.asp_blog_posts| calendar.aspx| | 2718| 17-Aug-21| 08:19 \neditpost.asp_blog_posts| editpost.aspx| | 4167| 17-Aug-21| 08:19 \nmyposts.asp_blog_posts| myposts.aspx| | 2718| 17-Aug-21| 08:19 \nnewpost.asp_blog_posts| newpost.aspx| | 4197| 17-Aug-21| 08:19 \nschema.xml_blog_posts| schema.xml| | 81082| 17-Aug-21| 08:19 \nviewpost.asp_blog_posts| viewpost.aspx| | 4190| 17-Aug-21| 08:19 \nelements.xml_blog| elements.xml| | 1207| 17-Aug-21| 08:19 \nfeature.xml_blog| feature.xml| | 1326| 17-Aug-21| 08:19 \ncategory.asp_blogcon| category.aspx| | 2649| 17-Aug-21| 08:19 \ndate.asp_blog_blogcon| date.aspx| | 2643| 17-Aug-21| 08:19 \nelements.xml_blogcon| elements.xml| | 29090| 17-Aug-21| 08:19 \nfeature.xml_blogcon| feature.xml| | 517| 17-Aug-21| 08:19 \nmonthlyarchive.asp_blogcon| monthlyarchive.aspx| | 2737| 17-Aug-21| 08:19 \npost.asp_blogcon| post.aspx| | 3153| 17-Aug-21| 08:19 \nsummary.asp_blog_blogcon| summary.aspx| | 3200| 17-Aug-21| 08:19 \ndefault.asp_blog_bloghp| default.aspx| | 2682| 17-Aug-21| 08:19 \nelements.xml_bloghp| elements.xml| | 8483| 17-Aug-21| 08:19 \nfeature.xml_bloghp| feature.xml| | 501| 17-Aug-21| 08:19 \nschema.xml_calltrack| schema.xml| | 314515| 17-Aug-21| 08:19 \ncalltrack.xml| calltracklist.xml| | 5563| 17-Aug-21| 08:19 \nfeature.xml_calltrack| feature.xml| | 1178| 17-Aug-21| 08:19 \nschema.xml_circulation| schema.xml| | 313711| 17-Aug-21| 08:19 \ncirculation.xml| circulationlist.xml| | 6489| 17-Aug-21| 08:19 \nfeature.xml_circulation| feature.xml| | 1196| 17-Aug-21| 08:19 \nschema.xml_contacts| schema.xml| | 8715| 17-Aug-21| 08:19 \ncontacts.xml| contacts.xml| | 451| 17-Aug-21| 08:19 \nfeature.xml_contacts| feature.xml| | 480| 17-Aug-21| 08:19 \nsrcharea.xml| searcharea.xml| | 1279| 17-Aug-21| 08:19 \nfeature.xml_0004| feature.xml| | 527| 17-Aug-21| 08:19 \ncontenttypesettings.xml| co